{{ searchResult.published_at | date:'d MMMM yyyy' }}

Loading ...
Loading ...

Enter a search term such as “mobile analytics” or browse our content using the filters above.

No_results

That’s not only a poor Scrabble score but we also couldn’t find any results matching “”.
Check your spelling or try broadening your search.

Logo_distressed

Sorry about this, there is a problem with our search at the moment.
Please try again later.

The new EU e-Privacy Directive that comes into effect in the UK on May 25 has caused a major stir in the local internet community, but its real impact will depend on enforcement and ‘cost’ to end users.

Could common sense prevail? Perhaps, but in the end practicality will...

The e-Privacy Directive

The Directive legitimises the use of cookies but:

“...on condition that users are provided with clear and precise information...about the purposes of cookies...”. It goes on to state that “Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment.”

This legislation is threatening a variety of online practices from display advertising to web analytics and behavioural targeting. However, it is now up to the Department for Culture, Media and Sport (DCMS) to draft the practical regulations of this directive for the UK. Somewhat ironically, these won’t be ready on time for May 25th (perhaps the department’s lawyers are occupied by the upcoming Olympic games).

Given that work is in progress, we can only hope that the DCMS is looking for the right balance between privacy and business needs.

The continuous privacy issues and media hype over Facebook’s data sharing are major (though not the only) instigators for people’s online privacy concerns. Add the ‘creepiness’ factor of targeted behavioural ads on websites and emails and you get an explosive mixture of paranoia.

I am deliberately keeping Spam, online identity theft and Phishing separately. These are major privacy concerns but are conducted by criminals not legitimate business. They will continue to operate irrespective of any legislation.

Cookies have become associated with tracking as a mean of exploitation. However, the vast majority of website owners don't actually have the knowledge or desire to abuse/misuse cookies. Most of my consultancy clients struggle with basic web analytics data and its interpretation.

The more sophisticated ones are using cookies to improve user experience, increase revenue and reduce cost by optimising their marketing and commercial resources. These are legitimate activities that are in the interest of both website users and owners. Efficient companies can offer customers better priced products.

Obviously, there are always the odd cases of abuse. There will always be some bankers trading on inside information, construction companies that do not adhere to the strictest health and safety regulations and pharmacies selling fake drugs. But thankfully those do not represent the majority of businesses on or offline.

Unfortunately, most members of public are unaware of the benevolent aspects of cookies and how they make the internet work. They soon will find out if regulation adheres to the strictest protocol.

Threats to user experience

If the DCMS interprets ‘[user] opportunity to refuse’ as needing to obtain prior and explicit consent for using cookies then the quality of user experience is about to nose dive.

Every website in the UK would have to use a prompt or pop-up (what if the latter is blocked by the browser settings?) to obtain consent using cookies. Users will have to pain through this process many times a day, which will make the web more cumbersome and frustrating.

Those who reject cookies would suffer most. As there will be no mechanism to track them, they would be prompted to opt in/out each time they return to a site. This on its own is likely to lead most customers to (eventually) opt in for the sake of their sanity.

Most people, when asked, would prefer their favourite online newspaper to be ad free. But given the choice between an ad free version for a minimal monthly subscription and a free version with ads, the majority would pick the latter.

Similarly, most would find the ‘cost’ of such privacy control too high to bear. It would completely overshadow the actual privacy concerns.

Whilst I agree with my colleague Alec Cochrane regarding the need for educating the public about cookies, I doubt the media is going to find the educational aspect of the topic sufficiently engaging. Katie Price’s domestic trouble seems far more important to the general public (perhaps we should get her to endorse our cause).

Will the Directive harm the industry?

I disagree with statements that UK users will turn to foreign websites and the imminent death of online start-ups. I live in the UK, consume predominantly domestic news and transact with local websites. I’m not going to develop an instant preference for the NFL over the English Premier League.

The DCMS would be risking the wrath of both public and industry if it opted for too strict regulation. It would also need to consider how this regulation would be enforced and governed – not a trivial issue.

Given that ‘prior consent’ was not a term used in the EU Directive, I’m expecting the DCMS to take a more moderate approach.

But even if the DCMS comes up with strict rules requiring prior user consent and users do not grow tired of having to opt in on every visit then the industry will quickly adjust with practical solutions.

Would display banners, behavioural ad targeting networks and web analytics vendors disappear? No, they will simply evolve by using other mechanisms. They are ultimately too important tools for both industry and users to simply disappear.

As an industry we should first and foremost self regulate by using cookies responsibly and respectfully. We should make our voice heard so policy makers have a balanced view and appreciation of users and industry needs.

We should hope that the DCMS listens and applies common sense, but we should also trust practicality and user experience to prevail if regulation goes a little too far.

Michael Feiner

Published 14 March, 2011 by Michael Feiner

Michael Feiner is the founder of web analytics and optimisation consultancy AEP Convert and a contributor to Econsultancy. He can also be found on Twitter and LinkedIn. 

3 more posts from this author

Comments (14)

Comment
No-profile-pic
Save or Cancel
Avatar-blank-50x50

Rob Hayden

So not for the first time EU legislation will be left ambiguous and open to local "interpretation". How much of a pain this becomes is entirely down to who is the most effective lobbyist. As for the password issue; will permitting cookies, if that's where we end up, be an "all or nothing" per domain? Opportunities for confusion abound.

over 5 years ago

Avatar-blank-50x50

Pete Austin, MarketingXD

Re: "Those who reject cookies would suffer most. As there will be no mechanism to track them, they would be prompted to opt in/out each time they return to a site. This on its own is likely to lead most customers to (eventually) opt in for the sake of their sanity."

No. There is no need for a burdonsome mechanism to opt in/out each time. You would never approach a client request by telling them how it was an doomed to failure, so why do this with a request from the EU?

(1) Cookies are permitted if they are needed for operation of the site

(2) In other cases, cookie permission can be provided by pressing a little button, like the Facebook "like" button.

over 5 years ago

Niranjan Sridharan

Niranjan Sridharan, Digital Auditor at ABC

Hi Mike. Nice post with some excellent points covered.

But, you do not account for the fact that about 50% of the traffic for most(if not all) UK sites is international traffic. This user base might turn to other (painless) alternatives. This would hit user metrics for all UK based websites. Also severely hit will be UK based companies that rely on cookie data either to collect anon usage stats or in retargeting etc.

Also, I think we need to think out of the box as in industry. I do not for one moment believe if the opt-in is interpreted the way you mention, people who reject cookies will suffer. I am sure there will be other simpler alternatives to circumvent this problem. It might even lead to innovation in the way the online industry works.

over 5 years ago

Avatar-blank-50x50

Jim

Michael, you seem to be reading the wrong Directive.

Giving the user the opportunity to refuse is the current law. This is complied with by most websites by telling the user in their privacy policy about cookies and explaining that they can delete them using their browser settings.

The new law states:

"the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing." (Read it here:
http://www.out-law.com/page-10021)

DCMS is not interpreting the opportunity to refuse as meaning consent - consent is what it says in the Directive (although not "prior" or "explicit" consent - though what difference these words would make in practice is a moot point). DCMS have stated that their approach will be to copy out the Directive wording, and that the implementing regulations will be ready by May 25th.

over 5 years ago

Avatar-blank-50x50

Tendering software

JIM you are right. It's a great post but. I think the legislation cannot stay for a longer time as it may affect the local community very negatively..

over 5 years ago

Alec Cochrane

Alec Cochrane, Head of Optimisation at Blue Latitude

Mike - great post. As an addition: those who reject cookies don't only suffer the most, but they'll bring down the quality of service for everyone else.

The other thing to note is that this will affect affiliate websites as well - as they'll have to comply with UK law when linking through to other websites with pop ups, just to make sure that they get paid, they will start linking to foreign websites. This may mean an increase in price to include shipping costs for the users, but for the affiliate to survive they will have to do this. This is bad for those niche websites who will have all their revenue redirected to international vendors.

Pete:

"(1) Cookies are permitted if they are needed for operation of the site
(2) In other cases, cookie permission can be provided by pressing a little button, like the Facebook "like" button."

What is classed as being operational for the site? Tracking cookies to ensure that the Marketing has been successful? That sounds like it is needed - you need to know your ROI on your Marketing to continue doing it. What about the cookies that advertisers give to get the best ads and drive up click through rate? Clearly they don't appear essential, but without the adverts the site would have no revenue and would stop running. This option is too open for interpretation and I doubt anyone would ever click on a facebook style "like" button, rendering it a waste of time.

Jim - I think the point of the directive is that the current method of the privacy policy isn't good enough. The "...provided with clear and comprehensive information..." part of the directive suggests that this a privacy policy linked to from every page doesn't work. Nobody reads privacy policies and even if they did, the part about cookies is hidden in legal spiel about the site and doesn't really explain what happens to the data. I think if we had solved this problem, rather than trying to hide it, we could have avoided this situation in the first place.

over 5 years ago

Avatar-blank-50x50

Michael Feiner

Niranjan - you make a very good point re international traffic to UK sites (though the 50% you mentioned seems to be a tad high – I’ve never seen any of my clients have such a high percentage of foreign traffic inc. some of the biggest UK media sites).

I'd like to make two points.
First, whilst some of this traffic might choose to use “other (painless) alternative” it is also reasonable to assume that a large part of this foreign traffic is actually looking for UK-specific news and information (e.g. Expats and anglophiles).

Secondly, I actually believe there is a very simple technical solution to the problem you raised. Given that these foreign visitors reside outside of the UK, the UK law does not apply to them directly.
Therefore, websites could use the visitor’s IP address as a filter to control whether to display the opt-in message or not.

I certainly agree with you that we should think outside of the box on this matter.

Thank you for your contribution to the discussion.

Jim – appreciate your comments.

I do believe I’m reading the right directive. You will notice the page you linked to above mentions Article 5(3) and Recital 66, both of which make part of the EU e-Privacy Directive of 2009. The former doesn’t even mention cookies whereas the latter clearly states that they are legitimate.

I agree with you that “opportunity to refuse” means consent and that the DCMS is not required to interpret it. However, the key issue here is about the use of “prior” and/or “explicit”.

I quote the EU policy maker in-charge of the Directive, Alexander Alvaro: “When the [EU] Parliament debated amendments...the ‘‘prior consent’’ formulation was considered and rejected in favour of a wording where the Parliament left more room for flexibility,”. You can read it here: http://www.clickz.com/clickz/news/1869453/europe-continues-grapple-messy-cookie-law-situation

I’m not quite sure which interpretation of “moot point” you are referring to. Is it (1) An issue that is open for debate or is it (2) An issue regarded as potentially debatable but no longer practically applicable?

Finally, the DCMS has admitted that it won’t be ready by May 25th. You can read it here:
http://www.bbc.co.uk/news/technology-12668552

This is going to be messy, isn’t it? :-)

Alec – good to hear you thoughts.

As a web analyst I think people that delete cookies should be jailed. ;-)

But on a more serious note, yes I agree that the interpretation of “necessary for operation” is not clear cut and a “Like”-like button is likely to be ignored (did I just say that?). It is only marginally better than the current privacy policy.

As for affiliates, a first party cookie could still be placed on the site and used under the claim that it is necessary from an operational aspect (e.g. so the site could serve bespoke content to affiliate traffic). Go challenge that! The current Directive won’t be able to, IMO.

This discussion highlights the point I made in the article re industry adjustment. There are (almost) always practical ways to adjust technology in face of new laws especially if they are not very tightly defined.

So unless the EU comes up with a watertight explicit Directive then it will always be open for interpretation. By explicit I mean something like: “Users must be informed of any kind of tracking on the first page of their visit by using a pop-up window measuring a minimum size of 200 by 100 pixels with the following wording - ...”.

The laws will be passed in one form or another but the regulator will do very little until cases are referred to it by the public.

I genuinely think this is a storm in a teacup.

over 5 years ago

Avatar-blank-50x50

Robert B

I don't think what Pete describes is so impossible. It's not beyond the wit of man to agree a definition of what "necessary for the operation of the site" means - and it certainly doesn't mean "tracking whatever information we like because otherwise our jobs would be really hard". And if cookies are so crucial to a good user experience, then why are we so sure that a 'Like'-like button is doomed to failure? If people knew that they could save preferences, shopping basket contents, recommendations etc on an e-commerce site, for example, why wouldn't they take a second to click a little button to do it? Even if most of them choose not to, that doesn't mean it's a waste of time, unless you believe that the purpose of giving people choice is that they choose the option you want them to.

over 5 years ago

Avatar-blank-50x50

the wedding photographer

this is some of the worst stuff to happen to the internet. ever. the internet is meant to be self-governing - not under the jurisdiction of a government.

over 4 years ago

Avatar-blank-50x50

pfefferspray

DCMS is not interpreting the opportunity to refuse as meaning consent - consent is what it says in the Directive (although not "prior" or "explicit" consent - though what difference these words would make in practice is a moot point). DCMS have stated that their approach will be to copy out the Directive wording, and that the implementing regulations will be ready by May 25th.

over 4 years ago

Avatar-blank-50x50

Security

If people knew that they could save preferences, shopping basket contents, recommendations etc on an e-commerce site, for example, why wouldn't they take a second to click a little button to do it?

almost 4 years ago

Avatar-blank-50x50

Talk Fusion

This DMCS don´t helps, this new Privacy Directive is not to make us happy. I am happy to living in the switzerland (NON-EU).

almost 4 years ago

Avatar-blank-50x50

seo first

Great article - thank you!

over 3 years ago

Avatar-blank-50x50

Zalando Gutschein, gf at maerlinda

Thanks a lot for this great article. Do you ever heared about Zalando Gutscheine ? See here more: http://www.youtube.com/watch?v=9_oxOA18gCc

over 2 years ago

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Daily Pulse newsletter. Each weekday, you ll receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.