Digital Marketing Manager at Great Ormond Street Hospital Children's Charity
05 May 2011 12:23pm
Ahead of the EU's cookie ruling coming into effect on the 25th May, I'm interested to find out how other organisations are preparing for this. Will you be going live with an opt-in system on the 25th, or waiting to see what happens with IOC guidance?
Finally are there any resources/links that might be useful?
Ecommerce Director at Monocore
05 May 2011 13:40pm
This article on Giga Om is worth a read: http://gigaom.com/2011/04/18/britain-says-no-thanks-to-europe%E2%80%99s-cookie-monster/
It suggests that we're OK for a while.
There's a very amusing example of what it do to the user experience here: http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-25th-may-and-what-it-means-for-you.html
CEO at Econsultancy
09 May 2011 09:21am
My assumption is that the UK's interpretation will be that 'opt in' is controlled by the user via his/her browser settings i.e. nothing will change.
So for the moment we're just ignoring it to be honest. I think it's a bad idea, anyway, to try and get users to opt in to cookies so we wouldn't make any changes until absolutely forced to.
Head of Digital at QualitySolicitors
12 May 2011 09:35am
I've been following this quite closely and it seems quite likely whilst for the most part Ashley is right that the onus will be with the user/browser, there is a responsibility to ensure you make it explicit on your site what you're doing with cookies and make it easy to opt out. For example doubleclick clients are usually asked to add some copy to privacy statements with a link to opt-out. Make this as clear as possible.
Here is something I've written up internally for Tesco but more than happy to share here:
When I first heard this a few years ago no one could see it being a reality. Now that its a reality, no one believes it will be easily enforceable and indeed whether it will make any difference to privacy (there are always ways around 'laws' in the digital world) - it is basically switching the current opt-out model in place worldwide for cookies, into an explicit opt-in model, specifically for behavioural targeting across websites (it is unclear on the effect on on-site behavioural targeting). That is, the likes of Doubleclick/Criteo that track users across sites then within client sites, serve relevant ads is deemed as cross-site behavioural targeting sites... go browse M&S or Halfords then browse around Hotmail, Yahoo, Sky and you'll most likely see the products you browsed served as ads. However on-site behavioural targeting tools I believe (like recommendations tools, mvt), remain unaffected. The directive tries to split 'explicitly required' cookies from 'marketing cookies' such that it is marketing cookies which track your online behaviour which is under threat...
Firstly, here's a humorous view of it, worth reading the pop-ups to get an idea of how accepting cookies could work at the extreme side of things: http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-25th-may-and-what-it-means-for-you.html
Then the serious part:
1. Users must explicitly opt-in to allowing ANY cookie enabled device to store certain types of cookie, whether first or third party
2. Whilst this becomes UK Law on the 25th May 2011 (submitted to the EU in 2009**), an amnesty is offered within the UK and companies will not face prosecution if they fail to comply immediately, as companies will understandably be seeking legal guidance on what to do* (update, this has been extended to end of June)
3. It has still not been decided whether browsers should carry the burden of asking the customer to accept the cookie, or whether each and every website needs to do this; my personal opinion is that for every website in the UK to request opt-in is highly unlikely and instead the most likely solution will be a browser update of some sort but then you have the issue of older browsers not having this capability... *
4. We should as matter of course, review Privacy policies of all our websites and ensure they clearly state what data we collect and why we collect it, at the very least which is common best practice (though this law is partly designed to stop websites from hiding this information from users to an extent)
5. [confidential note: removed]
6. "The directive actually applies to only one specific type of cookie: those used by advertising systems to record the sites you visit" ***. If this is true, and it needs substantiation, it would predominantly affect tags such as Atlas, Doubleclick and other similar tracking tags which track users across multiple websites.
7. The funniest thing? Well if you visit a website and reject cookies, then each AND EVERY time you visit that website you will be prompted on whether to accept the cookie; how else would the browser or website know that you'd already said no?!!! "This on its own is likely to lead most customers to (eventually) opt in for the sake of their sanity." ****
8. An interesting note "The response to complaints about firms that flout the directive will be viewed in light of what they have done to prepare for it, continued Mr Graham.[Information Commissioner]"*****
** EU Directive: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:En:PDF (this is an amendment of the 2002 Privacy and Electronic Communications Directive)
12 May 2011 11:07am
Thanks for that - very comprehensive and interesting. I particularly enjoyed your point 7!
Director at Watson Hall Ltd
31 May 2011 10:06am
Just a note to say discussion continues here:
Free market research on digital marketing
Daily Pulse: award winning newsletter
It takes 30 seconds to register