89% of UK consumers think that the EU cookie law is a positive step, though 75% had not heard of the e-Privacy Directive before they were surveyed.
Funnily enough, a similar proportion of marketers (82%) in a recent Econsultancy/Toluna survey think the opposite and view the cookie law as a real threat to the web.
The stats come from a survey of 2,000 consumers carried out by eDigitalResearch and IMRG last month.
According to the IMRG's Andy Mulcahy, the directive provides "an opportunity for retailers to increase trust and loyalty through a clear, unobtrusive and customer-friendly cookie notification process".
I'm not so sure about that...
The survey results
Here's a summary of the key findings from the survey. The results broadly match those found in our recent consumer survey, though we didn't ask consumers whether they thought the directive was good for the web, as we thought it would be too tricky to explain succinctly.
I do wonder about the 89% figure. Were consumers told about the potential threat to online businesses, and their own user experience, or simply that is was a law designed to improve privacy online?
75% of the 2,000 consumers surveyed have not heard of the new EU cookie directive. Of those that had, only 16% were truly aware of what changes would come into effect on May 26th.
- After being told about the directive (wonder how long that took to explain?) 89% of those surveyed felt that it was positive for consumers and 79% agreed that the changes were needed due to the lack of public knowledge about cookies.
Are marketers and consumers that far apart?
While the difference between the views of the consumer and the marketers we surveyed may suggest that the latter are not listening to customer concerns, I think there is more to it than that.
For one, the 82% of marketers who believe the cookie law is bad for the web do not necessarily disagree with the 'spirit' of the directive, just the ham-fisted way in which it has been applied.
This is a typical comment from our survey:
While I'm all for protecting privacy, the bit of this directive that applies to cookies has been ill thought out and even more badly applied, by someone who doesn't understand the technology. Rather than try and analyse what cookies are actually intrusive, they've just 'banned' the lot!
Are you concerned about your privacy when browsing and buying online?
In short, nobody really objects to consumers being informed about the information that websites take from them and how they use it, but the directive and its implementation will possibly hinder this process.
Public perception of cookies
It's clear that users need to be educated about cookies and what they are used for, as there are many people who seem to view them as something to be feared.
33% of those surveyed by IMRG believed that cookies could be used for viruses and Trojans, while in our survey 40% said they thought cookies were bad for the web.
This is a big problem for online businesses, as many people are likely to opt-out of cookies for the wrong reasons, and this is a real threat to online businesses.
I'm all for consumers being given the information they need to make an informed decision about cookies, and if websites make cookie and privacy policies more prominent and informative as a result of this, that's no bad thing.
At Econsultancy, we have made our privacy and cookie information more prominent, and users of our site can see exactly what information we gather and why. After reading this, users can make their own decisions about whether to block cookies using their browser settings.
If the demands of the directive stopped at this point, I think there would be very few people who would argue with it.
The problem is that the demand for overt and informed consent means that, if websites comply, users will begin to see all sorts of scary messages about cookies associated with words like targeting and tracking.
Since many already see cookies as a bad thing, many are likely to say no without actually thinking, while others will just be irritated by interruptive messaging and abandon the site. Thus online businesses lose sales and revenue, while the customer is no more informed than before.
According to Lovehoney E-commerce manager (and now TV star) Matthew Curry:
Many people don't understand the technology, and the Cookies = Evil message implied by the directive is just going to make it worse. Try explaining to your average user what an affiliate is, or a session, or MVT. It's not going to work.
This HAS to be a message about privacy, and being open to your visitors about what you do in the simplest language possible.
Will the cookie law make the web safer?
Really, most consumers have nothing to fear from cookies, and they do much to improve the user experience.
Do analytics cookies do users any harm? No, they don't store any personally identifiable information, and actually allow websites to improve by learning from usage patterns.
Of course, cookies used for ad targeting are likely to be the most objectionable to web users. The words targeting and tracking conjure thoughts of Big Brother, but all they do is improve the relevance of advertising for the average user.
This is no bad thing, and people are free to ignore ads or even use adblockers to get rid of them.
I can see why people object to retargeting, and it is techniques like this which may have triggered the update to the PECR.
Then there's the point that cookie consent pop-ups hamper reputable businesses while doing nothing to safeguard consumers against dodgy sites.
This point has been well made by Martin Belam:
One of my biggest concerns with the new emphasis on gaining consent for placing cookies on a user’s computer is that it means mainstream sites and businesses will spend the time and effort to make systems that will interrupt the browsing experience, whereas those that are planning nefarious activities won’t bother.
Ironically the legislation will make the user experience of sites that mean you and your data harm smoother and easier than the user experience of sites that are being responsible about cookies.
Publishing and online ad revenue
We all know about the problems that many publishers are having as offline ad incomes shrink, and if newspapers are to keep their content free for consumers, then they have to make money somewhere.
Of course, some take it too far with pop-ups, interstitials etc, and spoil the user experience, but not every site. However, if users want free content by quality writers, then they have to be paid somehow, and ad targeting is one such method.
Martin Belam made this point in the comments of a Guardian article on cookies, and there wasn't much sympathy for his opinion:
I must say that on a personal level it always dismays me the number of people who are happy to come onto the Guardian site, where we rely on commercial components to pay for the journalism, and then use our free commenting platform to recommend that people use AdBlock, or disable the analytics scripts that are the only way we can measure usage of the site to prove the worth of it to advertisers.
It basically says ‘I’ll have your news for free thanks, and I don’t even want you to be able to generate the money it has cost you in bandwidth and storage to serve the page - let alone pay for the reporting.’
Is it possible to have an "unobtrusive and customer-friendly cookie notification process" as the IMRG suggests?
I'd say it's tricky. It's well documented that any barrier to the user's progress through a website, such as compulsory registration, increases the likelihood that customers will abandon.
Therefore even the most cleverly worded and well designed cookie consent mechanisms, such as BT's, will inevitably cost some sales.
Belron's Craig Sullivan sums this up:
We run many millions of tests every month on our sites. We know from experience and testing, that interrupting people with a new opt-in interface or a 'Halt' message will actively harm both the user experience and our business.
European companies implementing a full opt-in user interface will find two things. Firstly, that their conversion rate drops and secondly, that their ability to use customer tracking reduces their ability to improve their site.
The results of this survey highlight consumer concerns about privacy, but also the difficulties that websites will face if they are forced to ask for consent to set cookies.
It's possible to have an unobtrusive and consumer friendly cookie notification process if solutions such as Econsultancy's and those adopted by John Lewis are considered to be acceptable.
I appreciate that the ICO is in a difficult position and is trying to take business concerns into account while attempting to take the directive seriously, but the lack of clear guidance has caused much confusion among online businesses.
We're a few weeks away from the 'deadline' and, short of carrying out cookie audits and enhancing privacy policies, most are still unsure how to comply.
It seems that the ICO, which doesn't know what compliance is, will consider this to be enough in most cases (at least for analytics cookies) but how this will apply to other cookies remains to be seen.
However, if strict consent is forced upon websites, then users and businesses will suffer for very little gain.
That said, I think very few businesses will 'fully comply' unless the enforcement of the law after May 26th leaves them no alternative. Let's hope common sense prevails.