The EU E-privacy Directive will be enforced from the end of next month, and businesses have some big decisions to make about how they will comply.
Will businesses attempt to fully comply by using an opt-in consent box for users, will they attempt to do just enough to escape the attentions of the ICO, or simply do nothing?
I asked some of the expert contributors to our EU Cookie Law: A guide to compliance report how they intend to comply with the cookie law.
Will you be going for full compliance (whatever that is) or aiming to do 'just enough' to show some willingness to comply?
Matthew Curry, Head of E-commerce at Lovehoney:
We're taking the stance that this is first and foremost about privacy. Privacy and discretion is important to our customers, much more than other industries, so we should be leading the way here in any case.
I don't think anyone actually understands what full compliance is, but I'm taking it as the visitor being able to pick and choose what cookies and information are stored about them before they land on the site.
This is going to be A LOT of work, so we have to do it piecemeal. I think implementing something sooner rather than later, so you can test designs is sensible, as well as helping visitors get accustomed to seeing a privacy message.
Depesh Mandalia, Head of Conversion & Product at ticket.com:
I suspect the ICO is going to firmly focusing on the larger businesses initially so if I were a larger organisation I'd certainly aim to do my utmost to comply.
However, I don't think SMEs are going to be in a position to fully comply so we may approach this in a similar way to Econsultancy with a conscious effort to inform and educate.
Craig Sullivan, Group Customer Experience Manager, Belron International Ltd:
In addition we also prepared a table of the cookies used on the website, setting out the name and the eventual purpose of the cookie.
We have tried to balance the requirements of the law with the needs of our business, and we think that we have reached the best solution in the circumstances, particularly as we do not use behavioural tracking cookies on our websites.
We believe that any explicit opt-in option would not only harm user experience, but would have an unfair negative impact on our business, and put us at a competitive disadvantage.
CEO, online retailer:
Our answer is pretty short and sweet. We're going to wait to see if anyone gets hit by it and go from there. I.e. do nothing and waste no cash as I think it could all fall down and I don't want to waste precious resources working on this if it's an empty threat.
We aren't first in line and I'm sure that any notification from on high would give you time to remedy the matter. There seems to be no benefit to investing resources and money until such time as someone rattles our cage.
Do you think that most businesses will comply, or simply seek to build a defensible position (carry out audit, add clearer cookie messaging etc)?
Obviously, businesses aren't going to rush into something that is likely to harm themselves. I would expect everyone does the minimum possible, and see what Amazon, ASOS, Tesco etc do - which I expect will be very little.
I'm astounded that there isn't financial help for small business that have to comply. All this development work isn't going to be cheap if you're not on a platform.
I'd frown very severely at platform providers that try to charge for implementation though - since it "should" be a common solution across all their clients.
Remember 3DSecure being mandatory on Maestro cards? When it was first implemented, it was sucky as all hell and no-one understood it.
It's still sucky but now it's become common enough to not be an obstacle. That's the trick. If someone (preferably ICO) come up with a single, common design pattern, that can just be plugged into your site, then it won't be so much of an issue. And yes, the browser sounds like the right place for this.
Head of E-commerce, online fashion retailer:
Most business are building a defensible position so far I have run an audit, and started to write a clearer cookie message, going forward we will allow customers to switch off cookies on the site, but it will require a positive action from them to do so (Very similar to BT.com).
From what I've seen and read I believe most companies are trying their best to comply however what that looks like is the root problem of all of this.
I don't believe businesses want to intentionally take a lighter approach to implementation but the guidance isn't the most helpful and so many aren't sure of exactly what they should be doing and the likely impact on their business.
Think of the digital switchover: users have been informed of this change over a period of years to help them adjust.
In a similar way the ICO or the digital arm of the Government could have ran an online campaign over the last year informing users of a change in how websites will service them from the 25th May 2012 easing them into this and potentially enabling businesses to interact with their customers during this phase to create a solution which works for both the end user and the business.
Manley, SEO Director at LBi:
I believe that a defensible position is going to be an approach used by many, but I also believe that still more businesses will implement a ‘cheat’ solution in the hope that they get away with it.
I personally feel that overt sneakiness is not a good way to build relationships with users. Be honest, your users will respect you for it.
Image credit: anomalous4 via Flickr.