There has been a huge amount of interest within the Econsultancy community around the EU e-Privacy Directive, sometimes rather misleadingly referred to as the ‘EU Cookie Law’ (as it doesn’t just apply to cookies). This is not surprising, as the deadline for compliance with the directive in the UK is May 26th, less than two months away.

People have been asking "So what is Econsultancy going to do on its site?", and "What do you think is best practice?", and "Will Econsultancy.com be compliant?". Today we have set live our ‘solution’. 

(UPDATE, 18 April 2012: Our new report, The EU Cookie Law: A Guide to Compliance, explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and includes examples of how websites can gain users’ consent for setting cookies. Do check it out.)

What we have done

1. We reviewed the documentation and advice available (see 'Useful Resources' at the bottom of this post).

The main takeout from these for us was that there appears to be a gap between what is actually compliant with the Directive and the likely level of enforcement or action that the ICO will take. Specifically, we believe that the likelihood of any fine seems to be confined to those openly abusing their users' privacy.

2. We did a cookie and privacy audit 

There are three points to mention about doing this.

Firstly, it is a good thing to undertake an audit irrespective of the Directive. You may well find there are scripts or tracking being used that you don't actually use or need anymore. Removing these, or tidying them up, may well improve the accuracy of your measurement and analysis. It should also help speed up page load times.

Secondly, if you use a simple tool like Ghostery, don't expect to pick up all the cookies/scripts that you are using. Ghostery works at a page level, and you will likely be using some cookies or scripts on only certain pages of your site, so unless you visit all the pages of your site you won't find all the cookies/scripts. For example, a lot of tracking typically sits on the checkout confirmation page. You are unlikely to visit this page on your own site; equally, tools that crawl/spider your site are unlikely to be able to access secure areas like this. So you need to use tools but also check with your web dev team and suppliers/agencies to try and find all uses.

Thirdly, it is not just about cookies but about privacy. You will see in our updated privacy policy text that we cover things like email tracking, social buttons, embedded web services etc. So don't just audit for cookies. 

3. We added a more prominent link to our privacy policy

You can see it top right in the site header above the site search. The text isn't quite white but grey. It isn't that large. Is it prominent 'enough'? Who knows. There are various ways of implementing this (see examples below) and we'd like to see some protocols established, or best practice at least, to help site owners, and users, know how best to implement this from a design and user experience perspective. 

4. We updated the content of our Privacy Policy

You can read that content by following the link to the policy in the top right of the header. We'd love your feedback on it as, again, we'd like to try and establish what good practice looks like in terms of creating policies that are helpful to users (and that work for site owners too). 

We have tried to make the content as 'plain English' as possible, at least given our target market who are typically quite savvy, and also to be as comprehensive and transparent as possible. We have only grouped cookies into two broad categories. Other sites (see examples below) have gone further in their segmentation/description of cookie types. 

From our understanding of the Directive, our solution is not strictly compliant because there is still no informed, or active, consent. And, as yet, we have not provided any options to selectively opt in/out of particular cookies: this is still up to the user. However, it is also our understanding that this solution is highly unlikely to be ‘actionable’ by the ICO and even less likely to incur a fine as we are clearly not trying to abuse our users’ privacy. 

Why we have done it

To be honest we haven’t done this out of a fear, or desire, to ‘comply’. We have done it partly because we believe it is a good thing for site owners and their users to have clearer policies and information on privacy. 

However, we are most interested in educating the industry about best practice in digital marketing and e-commerce, so we are motivated by trying to understand, and build consensus, around what ‘best practice’ is in this area. Whilst we certainly do not claim that our implementation constitutes 'best practice' we are keen to hold it up as an example, a straw man, which can be critiqued, iterated, and referenced. 

We welcome your comments, thoughts, and feedback below.

Other examples to look at

We're very keen to help establish best practice, or guidelines, in this area. Rather than debating the theory, or the law, we feel it is perhaps most helpful to see actual examples of implementations that you can then adapt. Note that actual implementations can only be 'judged' by the ICO, as far as compliance goes. We, along with a few brave others, have deliberately set live our approach before the May 26 deadline in order to give others further time to see what everyone else is doing.

I'd say there are currently three broad levels of approach:

Level 1 = a more prominent link to the privacy policy and improved information within the policy itself

Examples: Econsultancy; John Lewis.

Level 2 = user can selectively opt in/out of groups of cookies

Examples: BT (overlay bottom right that disappears, 'slider' for cookie opt out/in); Magiq (selective opt out/re-opt in); Reuters (this links to the frame/overlay provided by Evidon on the Reuters site) 

Level 3 = active opt-in

Examples: ICO - still the only site we've found so far that has this. 

My reading of the Directive would be that only Level 3 is strictly-speaking compliant. 

Phil Pearce, an Econsultancy member, has kindly collated 20 implementation examples which you can download as a PowerPoint show (.ppsx).

Useful Resources



Published 28 March, 2012 by Ashley Friedlein @ Econsultancy

Ashley Friedlein is Founder of Econsultancy and President of Centaur Marketing.

Comments (41)


Jennifer Davis

Thank you for publishing your own solution here - it's really useful to see what other companies are doing to comply with the new rules.

I find I'm personally struggling to understand exactly how far websites have to go before they are 'legally' compliant. I was under the impression (from reading the directives) that any cookies had to be opt-in, with the only exceptions leaning towards shopping-basket-related cookies.

However, others in the industry have told me that only certain countries are having the 'opt-in' rule enforced, whereas in the UK, an 'opt-out' option with a clear privacy policy will suffice.

I hope it doesn't sound too 'lazy web' of me, but what is your understanding of the directive for UK sites? From your post, it suggests that, even with your new measures, Econsultancy isn't 'strictly' compliant. Is this because you haven't made all cookies 'opt-in'? Apologies for all the questions, but I'd love to know how others have interpreted the rules.

over 4 years ago


Rob Benge

Let's clarify, however, that your "solution" is not compliant and not in the intended spirit of the law.

There is no "clear and comprehensive information" to users of the cookies that are dropped and what they are used for.

Users are not asked for their "explicit permission" for the site to drop cookies. Neither are they given the ability to opt-out.

Because of the lack of "clear and comprehensive information", it's unlikely that the "solution" would satisfy the "implied consent" clause.

over 4 years ago


Lee Hobbs, Web Manager at Royal Borough of Kensington and Chelsea

As a public sector organisation I'm won over by the Government Digital Services position - as we provide access to services we need analytics to prove we are spending public money appropriately, which is as equal in priority a Government initiative as Privacy.

What interests me though is how the ICO thinks their version is compliant, or any of the "get compliant" services currently being pitched to local authorities. In none of them can I say 'no', nor does it explain to me what I may have difficulty accessing by not ticking 'yes', it allows me to continue to browse and doesn't *appear* to be a reduced experience in any way.

Our preferred way as a local authority will be to follow gov.uk's example (ignore their welcome cookie warning, that will go when the site officially launches), it's when you get into personalised content that you see it in action. Across the site we'll embed linked text, either in the template or associated with the relevant process ("this process/website sets a cookie") and link to our privacy statement and a plain English explanation of how to manage cookies locally.

I'm aware this doesn't explicitly state 'opt out of our analytics cookie' - is that a risky thing? Yep, but we're providing as much information as possible to allow the user to manage it locally after-the-fact. Everyone seems to feel that 'showing willing' will be enough to satisfy the code, and as I said we'll defer to the GDS on this. If they go for a stricter implementation, specifically re analytics, then we will too.

As an aside though, a lot of the sample implementations I've seen make 'cookies' sound like the worst thing that could possibly befall you ever in your lifetime on the web! We don't want to frighten users, we want to educate them, demonstrate the ease with which they can manage their interactions with the council etc. if we can identify and remember them to some degree. Some website experiences they'll want to personalise, others they won't and a blanket law like this one doesn't really help empower people.

over 4 years ago

Ashley Friedlein, Founder, Econsultancy & President, Centaur Marketing at Econsultancy, Centaur Marketing (Staff)

@Rob I'd agree that our solution is not compliant but I'd argue that it is in the spirit of the law. I'm not sure that I've yet seen a single example that is compliant beyond any shadow of doubt? Even the ICO approach has had plenty of people arguing its non-compliance.

I'm not sure how much more information we'd need to give for it to be "clear and comprehensive"? (though the John Lewis 'microsite' example is indeed impressive in its comprehensiveness).

@Samantha I agree that the GDS approach makes a lot of sense.

Hopefully, perhaps after 26 May, when there are many more examples to point to, the likes of the ICO might be able to update their guidance with further info on what is 'acceptable', 'acceptable for now', 'unacceptable but not yet action-worthy', 'unacceptable and action-worthy', 'unacceptable and fine-worthy' or something like that?

I have proposed some 'levels' in my post above that represent different approaches/solutions. These might help towards building a framework, with corresponding guidance, that people can reference.

over 4 years ago


Avangelist

Put.It.Browser.Side.

Why are we doing this? how big is the European services market compared to the rest of the world?

If I see Nike.com do the same thing, roll over and adhere to a completely pointless DPA when we have security cameras on every street corner - then I'll waste my time with this dross.

over 4 years ago


Jonathan Kay, Managing Director at 120 Feet

Thanks Ashley - this seems a very practicable and sensible approach and one that I feel all companies should be able to easily achieve with just a little effort. It's a good step forward until we see what action, if any, the ICO will take for flagrant breaches.

over 4 years ago


John Braithwaite, Managing Director at Ergo Digital

Rob - did you read their paragraph on this? I think that they're probably right in their assertion that "It is also our understanding that this solution is highly unlikely to be ‘actionable’ by the ICO and even less likely to incur a fine as we are clearly not trying to abuse our users’ privacy."

The reality is that eConsultancy is not the kind of site that the govt really want to go after anyway.

over 4 years ago

Nathan King, Credit Card Journey Manager at RBS (Enterprise)

Very useful and in-line with my general assumption that publishers need to be seen to be doing something, rather than falling over themselves trying to define what is fully compliant. Whether or not this is just buying time remains to be seen.

over 4 years ago


Nicholas Redding, Head of Web Analytics at William Hill Online

Thanks for posting this, Ashley. This is a very helpful and informative article, and it's excellent to see how other organisations have responded. It's particularly interesting to see that nobody yet appears to have asked for active consent, with the exception of the ICO themselves.

I'd be surprised if the consensus response to the directive goes beyond what John Lewis and BT have done. It will be interesting to see if the ICO representative attending Web Analytics Wednesday next week has any comments on these approaches.

As Jonathan Kay says in his comment, we'll all be looking out for what action (if any) the ICO takes against companies with different levels of compliance. I suspect it will be minimal.

over 4 years ago


Peter Harrington

I think we might be missing the point here. This is a ludicrous piece of legislation dreamt up by non-elected EU bureaucrats, and one that is simply not enforceable in reality.

For our websites, we have absolutely no intention of complying, as I'm sure millions of others will not, thus resulting in a retraction of the law in around one year's time, if not sooner.

over 4 years ago


George Marshall

I think you say it all yourself:

"From our understanding of the Directive, our solution is not strictly compliant because there is still no informed, or active, consent."

Whether we like it or not (and it should have been introduced with a universal solution in place), the whole point of the Directive is to get informed and active consent!

over 4 years ago


Kevin Edwards

I see nothing wrong with industry looking at ways of self-regulating and essentially the UK Government and ICO have offered us a pretty flexible way of doing this within the constraints of the Directive.

It's worth looking at the dichotomy of privacy: consumers are generally freely making information available daily and as a result advertising is able to use this data in ever more innovative ways. As a consequence behaviourally focused marketing has emerged that has created the biggest concerns for legislators.

Ask the question in the right way and the majority of consumers will be concerned or unhappy about this type of marketing (see Deloitte’s recent Media Democracy report that stated only 16% of consumers are positive about their data being used for targeted advertising).

How do you address this concern? By educating consumers and allowing them to make informed choices. In the solutions rolled out I feel it's important that (in the appropriate context) we steer away from technical terminology and phrases such as 'what are cookies?' to something along the lines of 'how this site works'. This will be the only way we can start to address consumer knowledge gaps (I always ask myself, 'would my parents understand?'. As soon as I start talking about cookies I know they won't).

Overall it's far better we have a relatively non-prescriptive approach from the ICO to enable industry to address the issues. But we will need to, be it now or in the future, because with sector growth comes regulation and legislation.

over 4 years ago


Cameron Leask, Managing Director at Escrivo Internet Consulting

Well done EConsultancy - a pragmatic solution and not dissimilar to what we've done to date on our site. Personally I expect that many SME organisations will implement a solution of this nature in the medium-term.

Also: I am glad to see your comments regarding the Cookie Audit and the importance of auditing "through the checkout" and behind logins and other functionality. We've developed an audit approach that does exactly that (http://escr.it/kwYbFE) and I'd agree with your conclusion that this depth of audit is essential to ensure completeness of any review.

However I think I'd echo the sentiments of others regarding consent - the "more prominent" link to your privacy policy remains (IMHO) tucked away, out of line of sight, which probably suggests that my consent to your cookies wasn't actively given, nor particularly well-informed?

over 4 years ago


Mark Chapman, Director of Client Strategy + Services at White Hat Media

The suggested compliance solution to the EU Privacy e-Directive by Econsultancy is pretty much a consensus approach we've been discussing is suitable at BOC UK.

So, brothers + sisters, if we land up in the dock we should be there together :-)

mark.

over 4 years ago


Malcolm Duckett, CEO at Magiq

Thanks for this Ashley, interesting to see your (comprehensive) approach, we think it is important to provide this level of information. Thanks also for the reference to Magiq's approach - we have been working hard to provide a reproducible solution, and will be upgrading our own site in the next week to provide a clearer indication of your current status, linking this to the existing 3-level opt-in, and using your decisions to control the other systems that we use that create or use cookies.

over 4 years ago


Andrew Smith, Director of Marketing and External Affairs at ClearDebt Group plc

I think there are several key points that worry me in this blog. I'd certainly not wish to act (or refrain from action) on this basis.

First, there's no certainty. OK, that's because, at this stage, there is NO certainty, dammit.

Next, I think it is likely that the cookie law will be used by government agencies as a stick to beat high risk industries with.

My company, in debt solutions, works immensely hard to be as compliant as possible with the regulatory framework that affects us.

But, there are still guys in stetsons out there. And the OFT is working closely with ICO to limit their activities. If I were the Office of Fair Trading I'd apply this law stringently to exclude the worst offenders. But, because law needs to be applied even-handedly, there can be no question of a blind eye being passed over some and not others. Overt misuse and passive non-compliance will be treated the same.

If you think that won't happen, consider the ability of organisations like Citizen's Advice, to launch super-complaints for OFT consideration: Debt advice in the UK needs to be a mixed economy and there are many who can afford to pay for debt advice - but it does not mean there aren't savage opponents.

The same principle of equality under the law ought to make people in wider financial services shiver too: If ICO is persuaded to use cookie law to make life difficult (or impossible - ICO can levy huge fines) for companies that cause consumer detriment, then they'll have to be equivalently harsh to companies in the same sector that are passively non-compliant, which means they'll need to consider other areas (loans, etc) where similar detriment might exist - even when it doesn't.

And, Britain, of course, tends to take EU law with less of a pinch of salt, when it comes to enforcement, than other jurisdictions.

Dominos anyone?

over 4 years ago


Lord Manley, Principle Strategist / Director at BloomReach

I think that your actions would be nigh-on perfect, were you to be implementing them as part of a structured road map of a staged strategic approach.

By overtly declaring that this is all you intend to do, I fancy that it may be somewhat non-compliant.

That said, eConsultancy is not a brand which should be worrying too much about prosecution. That is something which is likely to be reserved for very large brands, publicly owned brands and exceptionally competitive verticals. I cannot see many complaints being levelled against you, because you are all so very, very lovely ;)

over 4 years ago


Alex Mearns

Just to reiterate what everyone else has already said, this solution will fall short of compliance.

However I don't think it will be a huge concern as the majority of visitors to econsultancy will already be aware of cookies, their implications and most likely how they can control them and one purpose of this directive is to build awareness.

You could further evidence this by conducting a poll of visitors to gauge levels of understanding and then use this as "proof" should the ICO come knocking.

If the ICO is to target anyone, it will be large organisations using highly intrusive tracking methods with a customer base with a low average awareness of cookies and their purpose.

Having looked at the few implementations so far BT seems to have the best solution. My only criticism would be their opt-out methodology.

For BT cookies are automatically set to accept and the cookie message disappears after a few seconds. This is hardly implied consent and it could be missed by a visitor.

I do look forward to seeing how other organisations implement their solutions as the deadline nears.

over 4 years ago


Sarah Alder, Managing Director at Cranmore Digital Consulting Ltd

Hi there, what are people paying for agencies to do a cookie audit?

For a small site, with no ecommerce but with a membership/login process, I am being quoted 4-8 hours work.

Does that seem reasonable?

over 4 years ago


Craig Sullivan

Well - Belron will do an official response to this but my personal opinion is this.

If we take some European websites and implement at the more interruptive end of the scale, we are going to affect site conversion.

Implementations will vary - and some will break browsers (we test stuff a lot, so it will happen). Some will have nice clear text - others will be confusing, over legalise themselves or present poor call to actions.

So - into this nice range of experiences we might see, what would happen to conversion.

It. Will. Drop.

By how much though? Hard to say - but let's imagine we conservatively say 2% lower conversion rate.

I base this on thinking about the issues above and also considering repeat visitors, who will have to jump the hurdle again and again (because we can't cookie them ironically to detect if they said no to the cookie, lol!)

So - do governments want to think about implementing good browser controls, or do they want European firms to deliberately hobble their fastest growing market segment.

In a tough economy, the idea of having to reduce my site conversion is just crazy. I'm not trying to do any darth vader tracking here - just use tools that help me make the customer experience better.

If we count the raw cost to business here, it seems at a macro economic level to be reducing our income and global competitive edge.

Muppets.

over 4 years ago


Lord Manley, Principle Strategist / Director at BloomReach

@Craig: You absolutely CAN drop a cookie to say that they have agreed to cookie use and you can sniff for it.

@Alex: Having most of your users demonstrably educated will not (and should not) help one jot when it comes to the one user who is not aware.

@Sarah: Bear in mind that, if your Ts & Cs state that by logging in the user assents to the use of cookies (and are clear and overt) then there is no real worry about post-login pages, since you will be gaining informed consent at registration/login. That said, a day to review your entire site seems cheap to me, if they are manually reviewing all pages, alternate user journeys and assessing the cookies found.

over 4 years ago


Cameron Leask, Managing Director at Escrivo Internet Consulting

@Lord Manley: (I think you are saying this too, but I believe it bears clarification...) IMHO cookies "beyond the login" still need to be audited so that the Ts&Cs of use can be clear about which cookies are being consented to when a user logs in.

"It's about privacy" - in some cases you could argue that what happens beyond the login is *more* important to get explicit consent for.

@Sarah: that's probably not unreasonable, for a relatively simple site that still has some interactivity/functionality. You should also consider the pace of development of your website and whether the audit can be easily repeated when changes are made to your website.

over 4 years ago


Alex Mearns

@Lord Manley: You're correct that there will always be users who are unaware of the privacy implications of tracking cookies (and other methods). It's also true that organisations should care about the privacy of every one of their users. But even if eConsultancy were to implement a solution that achieved compliance with the directive it wouldn't ensure that 100% of users understood what it is they were controlling.

In my personal opinion the best any organisation can hope for is that there is an increased awareness for the majority of their users.

In the case of eConsultancy this awareness (probably) already exists which is why I don't believe it would be worth implementing a more intrusive and expensive compliance solution.

over 4 years ago


Lord Manley, Principle Strategist / Director at BloomReach

@Cameron: Yes, re-reading my comment, it could have been read as 'so do not bother reviewing them', which was not my intent.

over 4 years ago


Lord Manley, Principle Strategist / Director at BloomReach

@Alex I disagree, but then, I am a stickler for inclusive policies - my background being accessibility (albeit almost a decade ago).

over 4 years ago


Will

It's a very confused situation, but my conclusion from what I've read is that neither updating your legalese nor the BT slider is enough - on their site the user gives implicit, not explicit permission. It MAY be the case that websites "get away" with doing this though, while technically breaking the law, but no-one will bother to crack down on them. Similar to most people's mp3 collections!

Some websites are beginning to implement a more explicit way of opting in - see http://www.liquidmodules.com for example. Whether this will become commonplace remains to be seen. It's so late in the day now that I cannot see this law being clarified before the 26/05. I suspect your smaller companies are waiting to see what the bigger retailers do first.

over 4 years ago


Graham Charlton, Editor in Chief at ClickZ Global

@Will Yes, the BT example isn't strictly compliant, though BT can at least argue that it has taken steps to inform users and to allow them to opt-out.

If the ICO doesn't enforce the directive too strictly in the beginning at least, this may well be enough.

over 4 years ago


Lord Manley, Principle Strategist / Director at BloomReach

I think that the liquidmodules solution is likely to be the worst of both worlds - both breaking the site's design and not gleaning consent from most users.

Opt out is not enough but, although consent does need to be acquired, that need not always be directly opt-in.

over 4 years ago

Ashley Friedlein, Founder, Econsultancy & President, Centaur Marketing at Econsultancy, Centaur Marketing (Staff)

@Lord Manley - "Opt out is not enough but, although consent does need to be acquired, that need not always be directly opt-in". You should go into politics ;)

You should be pleased with BT's coverage on the BBC today: http://www.bbc.co.uk/news/technology-17745938?

over 4 years ago

Lord Manley, Principle Strategist / Director at BloomReach

I believe that the slider mechanism we produced is excellent. I am really pleased with it. Thank you ;)

over 4 years ago

Will

@Lord Manley - Question about the BT slider:

The message says that *continued* use of the site implies consent. So what is the website doing when the first page loads and the user has taken no further action? Is it blocking certain cookies or not? Surely it should do?

Obviously the first page load is very important from an analytics point of view, as it would capture where they came from, etc.

over 4 years ago

Jonathan Kay, Managing Director at 120 Feet

Implied consent is a very interesting area, even parts of the ICO's site mention it:

https://www.ico.gov.uk/onlinenotification/?page=7.html

"This form requires the use of a cookie. The cookie is essential for the form to operate. To find out more about the cookies we use and how to delete them, see our privacy notice. By proceeding, you agree to the use of this cookie."

However, I couldn't actually see any cookies when I tested the form. But this does show that even the ICO are able to confuse visitors by poor wording even when they are trying to be explicit and transparent in what they do.

over 4 years ago

Jonathan Kay, Managing Director at 120 Feet

What is surprising me is how poor the vendor sites still are with regards to providing clear information to the general public on how their tools and cookies are used. Some could definitely try harder; especially as many brands' Cookie Policies may start to link to them.

over 4 years ago

Lola

Hey, I'm only a kid with a personal blog! What is this crap all about? :( I don't even know what a cookie is! I'm getting fined by ICO only because I have a blog with a form for comments????

over 4 years ago

Mark Chapman, Director of Client Strategy + Services at White Hat Media

@LordManley - Have the browser organisations contacted you yet? They ought to; if not, maybe they are copying your work as we type...

mark.

over 4 years ago

Malcolm Duckett, CEO at Magiq

Well fortunately we don't need goal line technology to spot when the ICO put one in our own collective net.... Finally deciding that Implied Content is OK! Well that's an effective way to waste 2 years' effort by everyone in planning for and working towards compliance - well done ICO. Another example of how the EU and government can aid British Industry. Brilliant, just bloody brilliant!

over 4 years ago

Ashley Friedlein, Founder, Econsultancy & President, Centaur Marketing at Econsultancy, Centaur Marketing (Staff)

@Malcolm And we wonder why Europe is having some challenges ;)

over 4 years ago

Malcolm Duckett, CEO at Magiq

Ashley... yes, there does seem to be some degree of organisational correlation....

over 4 years ago

Mark Chapman, Director of Client Strategy + Services at White Hat Media

@Ashley, @Malcolm - 'Challenges' indeed; serious concern is how poor these career politicians and non-commercial public servants make us professionals look.

They need a major re-brand; their messing around with laws and regulations reminds me again of fiddling while Rome burns. Come the revolution... :-)

over 4 years ago
