New cookie regulations: latest ‘advice’
So it seems I am eating my words on the issue of the new EU cookie regulations. The latest information on the subject, published by the Information Commissioner’s Office seems to be adhering to the letter of the EU directive far more than most in the industry would have believed. It appears I personally may have underestimated the degree to which the UK government intends on applying these regulations.
A brief summary of the key points:
- Comes into effect on the 26th May 2011
- This affects all cookie types (1st, 3rd & flash cookies or ‘locally stored objects’)
- Website owners will require explicit consent from a user to set all but ‘strictly necessary’ cookies.
- The Information Commissioner’s Office will not be prescribing acceptable methodologies for achieving this consent. You have to interpret this yourself.
But I thought they were just after behavioural advertising networks?
Yes, we did too. It appears that somewhere down the line a misguided computer novice in Brussels/Whitehall/wherever they outsource unimportant ‘computery stuff’ to clicked the ‘typewriter-says-no’ key instead of the ‘yes of course we will allow sensible use of web analytics cookies which do not track sensitive personal information’ button. A tragic mistake for the industry.
Surely it won’t be that rigidly applied?
Well, I’ll start with the good news; very few will believe that these regulations may actually be enforced from the stated date of the 26th of May. I also believe that given the manpower of the bodies concerned their power and remit will be limited to responding to concerns of serious breaches. They may never be fully able to police this change. If you’re a website owner, web analyst or online marketer, that, I believe is where the good news ends.
The real worry is that It’s getting late for a retraction or modification of the policy wording. If you asked me a month ago I would have held out a lot of hope that someone up high would see sense and realise how anti-progress this regulation is. That this should only affect third party cookies and target ad networks. Sadly not.
Is it the end of web measurement in the UK?
In a word, no. But it is going to be disruptive in the short/medium term until we work out the best way to satisfy the bureaucrats whilst still getting our data. To what degree this is disruptive I believe is dependent on how seriously site owners choose to take these legislations. It's very easy to say ''well, it's too hard to police, what are they going to do if we get caught out anyway" but the fact is that organisations have to care about policy and privacy where online is concerned. The higher the profile of the company, the tighter they will need to be in following these regulations. Fear of media privacy-breach floggings is very real. Ask Larry and Sergei how much their monthly legal retainer is if you don't believe me.
But, we'll find a way around it, right?
Yes I’m sure we can. Hey why not let’s look at this as an opportunity to grab more information. If we’re gaining explicit consent, why don’t we get users to consent to more data being taken!
Beyond the fact that this change of directive is more inconvenient for me, the lack of clarity on exactly what constitutes 'explicit consent' and how we achieve it is mind blowing. Which is good because it gives us lots of room to interpret things our way. And of course, bad as it gives us plenty of room to get caught doing it in a way that isn’t sanctioned.
In practice then....
When was the last time you read the Ts&Cs on your favourite airline website before making the purchase? You still ticked the ‘I read and accept these T&Cs’ box, right?
Perhaps that’s what we’ll end up with. A big old scrolling mess of small print that a user has to accept (without reading) before they’re allowed to look at the site. How’s that for usability? And who wins in that scenario, um , literally no one.
But Ben, they’re just protecting us from the evil companies
Well, perhaps there are companies out there who seek to do great wrong via the collection of small insignificant pieces of jumbled up text and letters. Most of us just want to improve the returns from our marketing and make our websites easier for users to find what they need. Believe it or not, I couldn’t find a single incidence of a death or serious injury which could be directly attributable to a website cookie. We need an open forum with the government on this issue. So far all we have is a half-hearted, ill-conceived ambiguous pile of nonsense.
Image by Featherweightgoods.com