While most digital marketers are making at least some preparations for the implementations of the EU’s e-Privacy Directive, the vast majority see it as a negative step for the web.

Econsultancy has surveyed more than 700 marketers for their opinions on the EU cookie laws, and to find out what preparations have been made for the May 26 deadline. 

We have published the full results of our EU e-Privacy Directive Survey for you to download, but here are some of the highlights from the study. 

(UPDATE, 18 April 2012: Our new report, The EU Cookie Law: A Guide to Compliance, explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and includes examples of how websites can gain users’ consent for setting cookies. Do check it out.)

What do digital marketers think of the EU cookie law? 

Not surprisingly, the vast majority of respondents don’t see any positives in the e-Privacy Directive. Just 18% think the directive is a positive development for the web. 

In your personal view do you think the EU e-Privacy Directive is a good / positive development?

Respondents were also asked to leave comments, and here’s a representative sample: 

Plain and simple – this change will KILL online sales….

It’s a genuine attempt to manage privacy issues but it’s created by politicians and fails to address the realities of doing business.

While I’m all for protecting privacy, the bit of this directive that applies to cookies has been ill thought out. Rather than try and analyse what cookies are actually intrusive, they’ve just ‘banned’ the lot! The lack of advice or guidance from the EU or Govt has made things worse.

It is positive in highlighting the use of cookies to users however I think the potential need for each site to gain permission from users is going to damage the user experience.

It’s a travesty of an orchestra, conducted by Terry F***witt. They fail to discriminate between bad (multi-site/advertising/targeting) stuff and good stuff (me using Clicktale or analytics to help UX).

Are digital marketers aware of the EU Directive? 

More digital marketers have heard of the directive than you might think.

57% of our respondents have read the e-Privacy Directive, while 67% say they are aware of the date that it becomes enforceable in the UK. 

Also, 64% have read the guidance on the directive which was published by the Information Commissioner’s Office (ICO). See Ashley Friedlein’s article for our take on this guidance and what it means. 

Have you read the guidance from the UK’s Information Commissioner’s Office (ICO)?

Some thoughts from our respondents on the ICO guidance: 

It’s like the blind leading the blind, sometimes it just seems that people in charge are so out of touch, it’s sad.

Do they implement it properly themselves? Aren’t they seeing a huge dip in their analytics just at the time they need to know? (Yes, they are)

Guidance from the ICO, although painful, is as sensible as it can be, given the absurdity of the EU directive

I feel the “guidance” was fairly useless in terms of how to actually deliver. Doing a cookie audit is as far as they will go, that’s the easy bit!

Are marketers making preparations for May 26? 

The first step online businesses need to take to prepare for the implementation of the directive is to look at existing cookies on the site and to decide what is and isn’t important.

According to our survey results, 54% have carried out a cookie audit in preparation for the deadline. 

Has your company done an audit of cookie usage in preparation?

It may seem like a simple first step, but that can depend on the type of online business. Some comments: 

This is a difficult task for many businesses, especially with no in-house tech skills, or where third party functionality (e.g. quoting engines ) is integrated.

We are in the process of doing an audit at the moment – unfortunately we have about 200 websites built by a variety of suppliers over the past decade so it’s a long and arduous process!

Some respondents haven’t audited cookies, and intend to defy the EU: 

We don’t intend to (audit cookies). Civil disobedience in the face of atrocious law. Strength in numbers, who will they sue first?

Our entire business model is based on tracking transactions on our sites. We wouldn’t be in in existence without them and we would disappear if we followed the directive.

We are going to wait to see what happens to other people on the basis that we’ll be REALLY unlucky if it’s us that gets prosecuted first.

However, others see this as a positive step:

We had way more cookies that we realised. In this regard the legislation has probably done us a favour from a page load perspective, if nothing else! It’s also helped us push a container tag solution through IT.

Do marketers understand the options for gaining user consent?

Exactly how websites will gain consent from users to store cookies is the big question here. Just 39% say they have an understanding of the options for asking users for permission. 

Do you have a clear understanding of the user interface options to get consent?

The comments from respondents suggest that there is some confusion here.

Some are hoping for a browser-level solution to cookie consent, but the directive says that users need to give overt and informed consent, so the user experience does need to be interrupted in some way. It’s the extent of that interruption that businesses need make a judgement on. 

There are a range of options for gaining user consent (we showcase three examples here) but there are pros and cons for each and the solution may well depend on the type of website and business model. 

According to Foolproof’s Meriel Lenfestry

A site which only uses cookies which drive core features the user explicitly requests, e.g. shopping basket in an e-commerce site will probably be compliant without changing anything. This is true of very few online services. For the rest, it is not possible to comply without affecting the user experience.

The lack of a unified solution is a worry for some respondents, as they fear it will lead to much confusion for web users: 

My concern is that there is no industry use of consent and users will get confused if lots of different techniques are used. The simplest way to promote this is that users can opt out via their browsers.

It seems there are a number of ways we could do this and none of them particularly great. I worry that users won’t read any notices properly, will disable cookies without really realising and then wonder why the website isn’t working/as intuitive as it was before.

This comment says it all:

The option mechanics are simple enough. The issue is when/whether they should be used. They will scare people about something that is in most cases innocuous. Are we asking people that forcefully if supermarkets can profile shoppers, or if shops can monitor behaviour or if they are OK to be filmed on CCTV?

Do people really feel exposed and do they really understand how things would work without such business intelligence being gathered. Perhaps we should ask in the pop up “click here if you want to damage the economy, make the UK less competitive and risk unemployment and damage the UK’s position as a top digital economy”.

It seems that some respondents will simply wait and see what others do: 

..we will adopt the absolute legal minimum as late as possible – let other people go first and see what happens…

Do web users even know what cookies are? 

One major issue with this directive is public awareness of what cookies are and what they do.  

Cookies have existed on the web for years without any need for the public to be made aware of them. Sure, they are mentioned in the T&Cs on every website, but who reads them? 

Suddenly, web users will be seeing messages about cookies all over the place, accompanied with alarming references to tracking, privacy, and so on. This kind of messaging may make some users run a mile. 

This is a big concern for our respondents. Just 7% think that users will understand what cookies are. 

Broadly speaking, do you think web users will understand about cookies and the consent required?

The comments reflect this concern:

It’s not just what users will see onsite…the negative PR around the directive from the mainstream press will result in people being more confused and hence rejecting consent.

As this comment suggests, perhaps the likes of Amazon (if it implements this) and Tesco will be more likely to gain consent: 

I think many will either “just say yes” or just refuse, without fully understanding either the privacy issue or how their user experience will be affected if they don’t use cookies. It will really depend on how much they trust the brand of the site.

Any casual user is bound to say no to anything they perceive as spying on them. Analytics – no matter how important to us in marketing – falls under this category. This is going to decimate analytics – very literally looking at the ICO post-implementation figures in which 90% of their site users did not opt in to analytics.

UPDATE: We received the following comment from an ICO spokesperson:

The ICO has been clear from the start that the changes brought in by last year’s amendment to the EU e-privacy directive present challenges to the way UK websites operate, particularly with regards to their use of cookies. However the directive has already been passed into UK law and the ICO is working hard with industry bodies and other interested parties, to ensure that organisations operating websites in the UK are not only aware of the new changes, but are also provided with advice on how they can work towards compliance.

While it is encouraging that over half of companies have carried out an audit looking at how their website uses cookies, it is important that organisations who have yet to take action do so before the end of May, when the year long lead in period we have provided expires. Every website will be unique and therefore the ICO can not proscribe the actions every individual organisation should take, however our guidance provides information and examples which explain what compliance with the new changes looks like.

We will continue to update this guidance so that it incorporates best practice advice from the industry, where we believe it will help other organisations to become compliant.