The EU 'cookie law' is clearly a threat to online business in the UK, whether through higher bounce rates caused by intrusive cookie opt-ins, or loss of income if customers opt out of third party cookies used for remarketing and ad targeting.
Some have estimated that it will cost the UK economy £10bn in a worst case scenario, but this is just guesswork at the moment.
I asked some of the expert contributors to our EU Cookie Law: A guide to compliance report how the EU E-privacy directive will affect their business, and if it's possible to comply without affecting usability.
Is it possible to comply with the E-privacy directive without harming your business?
Matthew Curry, Head of E-commerce at Lovehoney:
No, to put it bluntly. Imagine if a lot of your business was taken via retargeting, no-one is going to choose to opt in to have a pair of trousers chase them around the internet.
If you do manage to get opt-in via some rather persuasive writing, how is that an improvement? There are also some technologies, such as landing page optimisation via MVT, that is actually impossible to do if you strictly comply with the directive.
Head of E-commerce, online fashion retailer:
No. By adding a cookie popup, roll down etc it will act as a barrier. As consumers are unaware what cookies do, they will naturally reject them.
Depesh Mandalia, Head of Conversion & Product at ticket.com:
If the definition of harming your business is in lost sales or leads, then I don't think compliance will have a direct causal effect.
Part of the guidelines refer to being able to continue operating cookies which are required to 'use' your website such as a cookie used to remember you through the checkout.
E-commerce sites cannot operate without this cookie therefore it passes as an 'exceptional' cookie under the guidelines.
If however the definition of harming your business is not being able to analyse user journeys, track interactions on your site etc to improve the user experience then yes complying could well impact the future success of your business if your users opt-out en-masse leaving a gaping hole in your data insights.
Manley, SEO Director at LBi:
Yes. LBi have implemented solutions which have resulted in a zero bounce rate.
I would not say that this was always achievable, but a sensitive, honest and above all transparent approach to implementation can have a very minor effect on visitors or on data retention.
Craig Sullivan, Group Customer Experience Manager, Belron International Ltd:
We run many millions of tests every month on our sites. We know from experience and testing, that interrupting people with a new opt-in interface or a 'Halt' message will actively harm both the user experience and our business.
For example, if John Lewis had bouncers who made you sign a CCTV recording consent form, before you entered the store - how would you be feeling about that experience? Why would we do this online, if we wouldn't do it with retail?
European companies implementing a full opt-in user interface will find two things. Firstly, that their conversion rate drops and secondly, that their ability to use customer tracking reduces their ability to improve their site.
As people struggle in difficult economic conditions, asking them to hobble one of their fastest growing business channels seems counter intuitive.
Belron truly believes in the value of using customer feedback to continually improve our products. We get extremely good customer satisfaction scores for our online and offline efforts, so we feel it's unfair to apply something that doesn't reflect the actual use that's made of any data.
What are the pros and cons of an interruptive approach, such as a lightbox with active opt-in?
The best example I've seen and highlighted has been the BT implementation, which creates a little lightbox in the bottom right of the screen then allows you to select the level of privacy you wish to use with them by way of a slider.
Now the crucial part here is informing the user the pros and cons of each privacy level. This is important for the user to understand there is a bit of give and take.
Many cookies are dropped for convenience purposes (ie remembering your login details) which then allows the website to identify you on your next visit.
If a website wants to gain informed consent on an opt-in basis (and I am aware that some do not) then an interruptive approach will possibly result in a very small increase in bounce rate, but is likely to gain consent from the vast majority of users.
In almost all cases this would be my preferred approach.
Having an interruptive process, in which a user MUST make a decision, looks to be the only way to strictly comply.
There's a big nasty get-around of course. Lumping all your cookies into one giant mega-cookie, and saying that it's needed for your site to function (with some dev work required). You then have the "implied consent" get-out by saying if they start to use your site after being shown a message, that's consent.
However this doesn't feel like it's in the spirit of the directive, and actually makes the process less transparent to the user.