{{ searchResult.published_at | date:'d MMMM yyyy' }}

Loading ...
Loading ...

Enter a search term such as “mobile analytics” or browse our content using the filters above.

No_results

That’s not only a poor Scrabble score but we also couldn’t find any results matching “”.
Check your spelling or try broadening your search.

Logo_distressed

Sorry about this, there is a problem with our search at the moment.
Please try again later.

With just a few days left before the ICO begins to enforce the EU e-Privacy Directive, we are starting to see a few sites unveiling their approaches to compliance

Two such sites are FT.com and Mirror Online, which are both using pop-ups to alert visitors to the sites' use of cookies. 

As well as taking a look at the two news sites' responses to the EU directive, I've been asking Malcolm Coles, Product Director, digital at Trinity Mirror Group, about the Mirror's approach.  

How the Mirror and FT are informing customers about cookies

The FT has a pop-up which displays for new visitors, which links to the site's cookie policy, as well as information on how to disable them. 

Rather than asking customers to opt-in, it assumes consent for setting cookies if users close the window, unless they have already disabled them. 

Mirror Online has a smaller pop-up which appears towards the bottom right of the page: 

The pop up informs visitors about cookies, and tells users that, by continuing to use the website having seen the messge, this means they're OK with cookies. 

Unlike the FT approach, where the pop-up remains until users close it, the Mirror's message will vanish after 12 seconds. 

This goes along with the ICO's own advice in its guidance document: 

...you could set a cookie and infer consent from the fact that the user has seen a clear notice and actively indicated that they are comfortable with cookies by clicking through and using the site. This is an option that relies on the user being aware that the consequence of using the site is the setting of cookies.

Both sites link to further detailed information on the kinds of information which is stored and used, and what it is used for. Here's the FT's version:

Both tell users how they can disable cookies using their browser settings, rather than taking the BT approach and allowing users to opt-in and out of certain types of cookies using a slider tool. 

I asked Malcolm Coles from Trinity Mirror about the thinking behind the Mirror's approach: 

Why did the Mirror decide on this particular cookie solution? 

The problem is that, even now, it's not clear what compliance with the law looks like - the main test is clearly going to be what enforcement action the ICO takes.

So we've looked for a solution that gives clear information and control to the consumer, but without ruining the experience of using our websites. Remember that Trinity Mirror has hundreds of different sites with different combinations of cookies.

I'm comfortable that we've achieved a balance that's legal - and that we're among the frontrunners in the industries we work in in terms of putting consumers in control.


Since the pop-up vanishes after a few seconds if the user does nothing, is it strictly compliant? Can you claim that users have given 'overt and informed consent' to the use of cookies? 

There's a link on every page that explains how we use cookies and gives users the opportunity to control them (either directly or via links to relevant third-party sites). And we've put a LOT of work into tracking down links to information about browser controls and controls about individual cookies to add to that page.

To ensure users know what's going on, we also display a popup for 12 seconds when you first visit our sites. So we've gone further than some of the ICO's recent advice, I'd say, in terms of ensuring users know that we use cookies and know how to control them if they want.

Do you think the solution, including the further info on cookies used, conforms with the spirit of the directive? 

Yes. It's about informed consent, and we make it clear how we use cookies and give users ways to control them. From what I know of what other news sites are doing, I think we'll be leading the way in terms of helping users control what's going on.

Do you expect many users to look into the cookie info provided? 

No, not really. In the course of deciding what to do, I've uncovered a lot of information about what cookies are used on my own computer.

A lot of it has surprised me, but none of it has motivated me to turn off a single cookie. Other people will think differently so it's important they can act accordingly, and we give them a way to do that via our extensive list of links to controls on cookies.

But I think it's a poor law. There's no education about it (so it's irrelevant to consumers) and it imposes a significant burden on businesses without any sort of clarity abut practical implementation.

Since the ICO has said it will adopt a light approach to enforcement, do you see any reason to strictly comply (meaning interruptive pop-ups and the ability to reject cookies on site)? 

I don’t think the law requires interruptive pop ups, it requires informed consent, and that's not the same as an interruption. But we want our sites to be legal.

To ensure we are, we list many ways users can directly control cookies, even if not directly on our site. I think you'll find we go a lot further than many sites, such as the government sites that have decided not to implement the law in time. 

What is the business risk if users reject cookies on the Mirror site? 

Users will get less relevant ads if they reject cookies and we can't track how people use our sites. Ultimately websites will get less relevant.

I imagine if lots of people reject cookies aimed at improving the quality of sites, you'll start getting popups saying "this website is crap unless you accept cookies. Click here to proceed". I think we're a long way off worrying about that though! 


Do you expect your competitors to comply? 

Er, ask me Saturday! Actually, the fact that Saturday is the deadline for compliance shows how ill thought out this whole thing is.

Who releases code to their website on a Friday or Saturday when it could go wrong - but when there will be no one in to fix it?

But I think you'll find that the Trinity Mirror sites, from mirror.co.uk to dailyrecord.co.uk to liverpoolecho.co.uk, are at the forefront of compliance. And that we do more than Econsultancy plans to do ...!!

Graham Charlton

Published 23 May, 2012 by Graham Charlton

Graham Charlton is the former Editor-in-Chief at Econsultancy. Follow him on Twitter or connect via Linkedin or Google+

2565 more posts from this author

Comments (29)

Comment
No-profile-pic
Save or Cancel
Avatar-blank-50x50

Steven Holmes

I like the The Mirror's approach - it's a lot less intrusive and potentially damaging than an opt in/opt out system.
Does it comply though? Maybe they're just testing the water because no one seems to know for certain.

over 4 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

@Steven Since the ICO doesn't itself know what compliance looks like, it seems a reasonable approach to me.

Since the pop-up is only visible for 12 seconds, some users may not see it, but the Mirror can argue that they have attempted to inform people, as well as providing detailed information on the cookies used and how users can use browser settings to delete or block cookies.

When there is no certainty that its competitors will comply in the strictest sense, I see no reason for the Mirror (and FT.com) to harm the user experience.

over 4 years ago

Avatar-blank-50x50

Peter Jordan, Product Analytics Lead at Government Digital Service, Cabinet Office

Daily Mirror pop-up disappears mighty quickly

over 4 years ago

Avatar-blank-50x50

Russ

I think we could see a lot of this style of rollout from the big publishers, who tend to have complicated cookie structures and institutionalised delivery mechanisms. In essence though, these popups are saying "If you close this box or click on another page of this website, even the privacy policy and cookies page, we will take that as your consent to accept all our 1st and 3rd party cookies".

It's compliant, for sure, but a harsh and arguably somewhat devious way of gaining 'consent'. As for being 'informed consent', it's interesting to see both the FT and Mirror are not detailing the 3rd party cookies being served, although the Mirror does list all the adserver agencies they deal with. Neither the FT or Mirror detail their 1st party cookies, and both rely on a user going to youronlinechoices.com to set preferences in respect of 3rd party servings, which is a bizarre experience, since that site requires the user to accept 3rd party cookies before allowing them to be disabled.

I think the overall message is "We are not changing our online business model, and if the adtrackers are profiling our users, it's nothing to do with us, guv."

over 4 years ago

Avatar-blank-50x50

malcolm coles

Steven - our lawyers says it complies. Only test is ICO enforcement action, though. No one really knows right now.

Peter - it stays for 12 seconds. That's a long time I'd have said.

Russ - the ICO says "The action of arriving at a page with a clear link to explain the site's cookie/data collection policy, then clicking through to another page on the site would act as implied consent for most cookies". We have a clear link on every page in the header. Things like ad targeting cookies are probably not covered by that quote, which is why we also have the pop up to alert people in a more active way.

We don't list every 3rd-party cookie because they often change. Instead we give very clear instructions on where to go to control these cookies. This is at an individual basis in the "Our own ad serving and management cookies" section - youronlinechoices.com is where we direct people for 3rd party ones.

over 4 years ago

Avatar-blank-50x50

malcolm coles

Ross - sorry, last para was a bit garbled. Anyway, we don't list all cookies because it's not terribly useful for anyone to do so. But we do give detailed advice on how to control services that use cookies, which is much more useful I'd say.

over 4 years ago

Maria Morais

Maria Morais, Customer Engagement & Commerce Retail Lead at IBM

Although different from Opt-In, as far as we know implied consent it's valid. ICO suggests it when releasing "Guidance on the rules on use of cookies and similar technologies", compliance guidelines.

over 4 years ago

Avatar-blank-50x50

Nygel Lyndley - MEN

I think you have to bear in mind that every single site you visit from now forwards could potentially have a page-hiding pop up explaining what a cookie is, in that light a 12 second informational isn't necessarily the wrong thing to do.

If you're going to be sensible about this then it has to be a balance between letting users know but not getting in their way.

It probably would have been useful if UK gov had gotten involved in this, a UK wide standard informational about cookies could have been used which when read could drop a 'has read' .uk or .co.uk cookie preventing users seeing the same thing over and over again. Then an addition site specific informational explaining what cookies are in use on the site in question with an associated site specific 'has read' cookie.

over 4 years ago

Avatar-blank-50x50

Peter Harrington

Considering that even the EU President is an unelected bureaucrat taking a huge salary and lifetime pension. Maybe we need to look at what constitutes legal in the sphere of the EU?

Let's face it. This law was brought in to protect EU lifer pencil pushers. It's laughable that anyone is even thinking of complying.

If I tell you to put a pop up on our website, would you do it? Of course not. Why not? You don't have to do anyhing I say, I have no electoral legitimacy.

Same goes for the EU.

over 4 years ago

Avatar-blank-50x50

David Prince

@Malcom I like your solution, although I didn't see the popup at all. I clicked the mouse wheel to open both the Mirror and FT links above in a new tab, and it took me longer than 12 seconds to get to the Mirror site.

@Peter There are lots of problems with the EU, but you're off the mark claiming no electoral legitimacy. Elections for EU commissioners happen every 5 years.

over 4 years ago

Adam Hopkinson

Adam Hopkinson, Lead Web Developer at Audley Travel

Nygel - that would be a 'supercookie', ie a cookie set on e TLD. Supercookies are blocked by all modern browsers based on the Public Suffix List maintained by Mozilla. Otherwise, it would have been the best solution.

@David - I assumed the Mirror websites won't display the popup until May 26th. No point hobbling your own traffic until you absolutely have to.

over 4 years ago

Avatar-blank-50x50

David Prince, Web Marketeer at Fish.Net

@Adam The popup is live - I just didn't see it the first time I went there.

over 4 years ago

Rob McCreedie

Rob McCreedie, Assistant Marketing Manager at Nu-Heat

I was trying to find a solution that would allow visitors to allow individual cookies but this solution seems to be the best way forward.

You are saying that the site uses cookies and if the individual wants to stop that then you are giving them the steps to do it.

It's something I'll be putting into place in the next day or so.

over 4 years ago

Adam Hopkinson

Adam Hopkinson, Lead Web Developer at Audley Travel

Of all the suggested/implement solutions I've seen, I think the ICO website is the only one that also works with Javascript disabled. Has anyone given any thought to users with js turned off or using an accessibility device that doesn't support js?

over 4 years ago

Rob McCreedie

Rob McCreedie, Assistant Marketing Manager at Nu-Heat

I know the implementation of javascript is always an issue to bear in mind but I'd be interested to see how many people nowadays actually browse the web with it turned off or use devices that do not support it?

It can't be ignored but just looking for some stats.

over 4 years ago

Avatar-blank-50x50

Russ

<slightly devil's advocate mode>

The FT/Mirror mechanisms are dangerously close to saying "If you move your mouse we will infer your consent, and btw we can't or won't tell you what you're consenting to until you consent, and even after that we don't have much of a clue what those 3rd party behavioural profilers are up to because we haven't got any control over them. All we know is they pay our bills."

Meet the new boss. Just like the old boss.

over 4 years ago

Rob McCreedie

Rob McCreedie, Assistant Marketing Manager at Nu-Heat

It is putting the emphasis onto the user to manage cookies rather than the company. Is that a good thing, probably not. Is the legislation a good thing, probably not.

I personally think that cookies which track users anonymously and aid marketers to develop and enhance sites are not a bad thing but there again I'm not setting the legislation.

I've spoken to people in the past who say "I always wondered how they know what I've looked at or might be interested in". When I've explained how it works they tend to just say "oh right".

over 4 years ago

Avatar-blank-50x50

Bruce Abbott

The solution I adopted is similar to FT but the difference being that the consumer cannot enter without physically clicking on 'Enter As A Visitor'. Beneath this is a link to our privacy policy complete with an explanation of why cookies are a necessity.
2 weeks ago I placed this 100% compliant popup on my domain and noticed very little interference with regards to bounce rates. On the other hand, I tested this function again 5 days ago and bounce rates went up by 10%? ? I think that given time consumers will click on cookie compliance functions without contemplation. Over the next couple of weeks I will be monitoring bounce rates as I adjust this function.
Most ecommerce sites are exempt from the EU cookie law so long as non intrusive or tracking cookies are being used. However most websites use Analytics of some sort or another of which on the most part are essential. If it is deemed that analytical solutions are intrusive they will be the first to go in my opinion, if bounce rates do not stabilise. If analytical and advertising tracking cookies are essential to your business then a cookie compliant function would take priority over avoidance. In my situation, I'd rather have 10% more visitors than the convenience of web analytics. But, I do believe over time (probably sooner rather than later) consumers will accept cookie directives and these could even help sales conversions as consumers associate such prompts with trust and transparency?
The ambiguity is not in the EU Cookie law detailing which cookies require consent or even that cookie audits should be made available to consumers, it is the lack of support in the method of delivery. Worse still, it appears little regard has been considered of how this will affect both large and small businesses in the short term?
It is without question that bounce rates affect conversion rates. Will it not be the case that some visitors will only chose to visit sites that do not have any Cookie directives in place? Or will they simply just accept and click? But how does the end user actually know if cookies have been disabled? Or have they unknowingly downloaded something else?
Is it not the case that even search engines ( which are on an IP address and deemed to be a rather large website at that ) use and track visitors to profile adds or even search results? Will we see the cookie popup or directive on the major search engines?
But issues are not just about directives, what about consumer protection? A major concern is that the popup or positive action will be abused by the malicious to download or install false viruses, software or keyboard loggers where PCs are not protected or antivirus programs are out of date. By its very concept, could this be a law that fails to protect?
Enforcement: If the EU & UK Gov stand back and do nothing then this will cause further confusion and the EU Cookie law will be considered a voluntary action. Or maybe it will gain in popularity as users gain trust in participating websites. Could it eventually increase conversion rates? Time will tell?
In my opinion this has been very poorly thought out and should not have been accepted by the government without further due care for consumers and businesses alike. Nonetheless it is here, personally in my opinion I will use the cookie directive so long as it does not affect bounce rates too much as I feel given time it will gain in trust. It is good to see the Mirror and other leading businesses adopting some level of precedence albeit some are more compliant than others. My advice to consumers would be to ensure that their antivirus software is up to date which is more of a necessity than learning about cookies.

over 4 years ago

Avatar-blank-50x50

Phillip Parr

Neither of these examples are accessible. Using the keyboard only, I did not get to the mirror's 'link' (itself not exactly a useful word for screen readers) before the popup closed. Not that I would have noticed it amongst the cluttered content without it being pointed out anyway.

Accessibility wise, visually the FT's example is better, but focus was not automatically set to this overlay. I had to tab through every link on the page in order to get to the close button (though I could have tabbed backwards once). Esc is also not supported to close the overlay, as is common practice.

Unfortunately this scenario is all to common these days; very few large websites consider users who can't use a mouse or require better contrast. A surprisingly high number of people use some sort of visual aid or keyboard in order to navigate the web, and these solutions have merely added another level of confusion.

over 4 years ago

Avatar-blank-50x50

Russ

Hang on a moment.

The ICO quote from Malcolm Coles above, on which he bases his compliance strategy, is NOT included in the official ICO guidance note (v2, of Dec 2011). As far as I am aware, the source of Malcolm's quote was a members-only do at the AOP on 18 April, where the quote would appear to have been taken from part of an ICO slide presentation (downloadable by members only). The full context of the quote includes the following important caveat:

"This implied consent would need to include information on how and what the user is opting into"

Or perhaps the quote has come only from AOP's summary of the proceedings:
http://www.ukaop.org.uk/news/eu-privacy-directive-forum-report3558.html

Could we perhaps ask econsultancy to act as an intermediary and confirm the veracity of the above?

over 4 years ago

Avatar-blank-50x50

Julian Peterson

I think the Reuters Cookie Consent Tool is better.

Obvious but subtle at the same time.

over 4 years ago

Avatar-blank-50x50

Nik

Personally I'm tempted to raise a Freedom of Information request to the ICO to discover how other UK gov dept websites are applying the policy. A quick look at some of these eg, hrmc, directgov, fco etc seems to reveal no change at all...

over 4 years ago

Rob McCreedie

Rob McCreedie, Assistant Marketing Manager at Nu-Heat

Oh they will probably all go live with their cookie solution tomorrow ;)

I think that would be a very interesting request.

over 4 years ago

Avatar-blank-50x50

Russ

To clarify and update my 'Hang on a moment' comment above, ICO has released version 3 of its guidance today. This now embodies what Malcolm Coles' quoted from ICO. The updated ICO guidance represents a complete u-turn on the subject of implied consent, and in effect gives the green light to the Opt-out avenues, which is what we are now seeing in the rollouts from the big publishers over the last three days. Methinks the big publishers must have had sight of ICO's v3 guidance some time before anyone else did.

about 4 years ago

Avatar-blank-50x50

Nik

Well looks like some journos have in fact researched and reported on the delay in implementation by UK govt websites. http://www.bbc.co.uk/news/technology-18090118

about 4 years ago

Avatar-blank-50x50

Rob

BBC article; "intended to prevent the malicious exploitation of cookies"?? Well I'm glad we have that protection in place now. I've lost count of the number of times I was maliciously exploited in the old days.

Does the guidance demand that sites recognise the global tracking option in Firefox (or if anyone else ever implements similar?)

about 4 years ago

Avatar-blank-50x50

Grant Unwin

I think the Firefox or even the new IE option to preent tracking can be bypassed by the unscrupulous advertisers that it is intended to affect.

about 4 years ago

Avatar-blank-50x50

Dortch

Hi, yup this piece of writing is truly good and I have learned lot of things from it on the topic of
blogging. thanks.

about 4 years ago

Avatar-blank-50x50

Blair

Good day! Would you mind if I share your blog with my facebook group?
There's a lot of folks that I think would really enjoy your content. Please let me know. Thank you

about 4 years ago

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Daily Pulse newsletter. Each weekday, you ll receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.