The question on privacy is now not about what the law will require (we know what legislators want), it is what technical fixes can be made to comply.

New rules to prevent the digital industry from tracking user behaviour on the web without their explicit consent are pending both in the US and Europe and, as yet, we see little activity by advertisers to make ready.

In May, UK companies were given a year to introduce necessary technical fixes so that clear, informed opt-in was secured from any user they wanted to track in order to, for example, target ads at them based on previous online behaviour.

In the US, the industry is hoping that self-regulation measures including ‘do not track’ technology in behaviourally-targeted ads - enabling users to opt-out of such tracking - will appease lawmakers.

There are some grey areas around precisely what is required but in Europe at least these are being cleared up at a rapid pace and across both continents there is absolutely no question that advertisers need to adjust.

The question is now not about what the law will require (we know what legislators want), it is what technical fixes can be made to comply and here we have to look again at cookies and the tags that drop them. 

When a user makes any kind of decision about how – or indeed if - they want to be tracked online, that decision needs to be recorded and applied to all the technologies using that information to do its job.

That entire process will occur through cookies and tags but, as long as those tags remain ‘unmanaged’, will have to occur one technology at a time.

The tags on an advertiser’s website are the connectors between that site and the technologies its owner uses to plan, implement and operate online marketing campaigns.

Taken together they can be the layer that sits between web site and marketing providers and from where everything they do can be managed, including privacy – but, only if they are taken together.

There are many reasons to use a tag management system and we have always been keenest on their ability to level the playing field in terms of understanding the online channels that really drive sales and freeing marketers to easily switch between providers.

But new privacy legislation is prompting us to think that using one now is almost mandatory. 

Paul Cook

Published 29 September, 2011 by Paul Cook

Paul Cook, the founder of RedEye and TagMan, is a contributor to Econsultancy.  

28 more posts from this author

You might be interested in

Comments (3)


Matt Stannard

A very good and interesting read.

I can see why and how Tag Management would help but however I feel involving another third party could be confusing and could potentially create the issue of who "owns" data collected. I'm not sure I'd deem the solution "mandatory".

Personally I feel the gatekeepers are the browsers. I'd like to see Cookies managed in a sensible way and educate the user explaining the difference between Google Analytics and cookies which may display when you last visited a site to those more intrusive.

Ultimately in my view user experience should be controlled by the user (via the browser) - the ICO and other bodies job should be to ensure that the means of collection and use of data is appropriate.


almost 7 years ago


Pete Cheyne

Hi Paul,

Its an interesting area for debate, im pretty sure that no-one really understands what the eventual implications of these new cookie/privacy rules will be. Im hoping that a law of "common sense" will prevail, but you are absolutely right in that we must all be preparing for it.

If 3rd party cookies are deemed to be the most offensive and are blocked accordingly, this will invalidate many of the tags that are fired from within a container as they rely on the ability to check for the existence of a cookie previously set from their domain to complete its cycle of events.

Do you think that in response to this, container technology will migrate to the server side, to alleviate the need for 3rd party cookies?



almost 7 years ago

Paul Cook

Paul Cook, Director at NCC Web Performance

Hi both, thanks for your comments and apologies for the delay in coming back to you.

@Matt - I agree with that but there also needs to be an advertiser/site-side system for reading and recording the privacy choices any user has made and firing subsequent cookies accordingly. This is the very thing that makes tag management mandatory.

@Pete - I think the issue is that many are taking the 'no-one knows the real implications' line to mean 'wait and see'. Actually, legislators (at least in Europe) have been very clear about what is required: up-front opt-in for every system seeking to track a user's behaviour based on clear and comprehensive information. The common sense approach has to be developed inside this mandate so, whatever the approach is, it does require a complete change in the way we do things.

On server tags - we were the first to develop server-to-server tags and have actually halted development on it - we see several issues with them (on which I've blogged before: but one of the key ones is that it means 'clandestine user-data passing between hidden servers' - which flies right on the face of the transparency that legislators are demanding. It is obfuscation that is likely to be seen as attempting to navigate around the legislation.

almost 7 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.