With just a few days left before the ICO begins to enforce the EU e-Privacy Directive, we are starting to see a few sites unveiling their approaches to compliance

Two such sites are FT.com and Mirror Online, which are both using pop-ups to alert visitors to the sites’ use of cookies. 

As well as taking a look at the two news sites’ responses to the EU directive, I’ve been asking Malcolm Coles, Product Director, digital at Trinity Mirror Group, about the Mirror’s approach.  

How the Mirror and FT are informing customers about cookies

The FT has a pop-up which displays for new visitors, which links to the site’s cookie policy, as well as information on how to disable them. 

Rather than asking customers to opt-in, it assumes consent for setting cookies if users close the window, unless they have already disabled them. 

Mirror Online has a smaller pop-up which appears towards the bottom right of the page: 

The pop up informs visitors about cookies, and tells users that, by continuing to use the website having seen the messge, this means they’re OK with cookies. 

Unlike the FT approach, where the pop-up remains until users close it, the Mirror’s message will vanish after 12 seconds. 

This goes along with the ICO’s own advice in its guidance document: 

…you could set a cookie and infer consent from the fact that the user has seen a clear notice and actively indicated that they are comfortable with cookies by clicking through and using the site. This is an option that relies on the user being aware that the consequence of using the site is the setting of cookies.

Both sites link to further detailed information on the kinds of information which is stored and used, and what it is used for. Here’s the FT’s version:

Both tell users how they can disable cookies using their browser settings, rather than taking the BT approach and allowing users to opt-in and out of certain types of cookies using a slider tool. 

I asked Malcolm Coles from Trinity Mirror about the thinking behind the Mirror’s approach: 

Why did the Mirror decide on this particular cookie solution? 

The problem is that, even now, it’s not clear what compliance with the law looks like – the main test is clearly going to be what enforcement action the ICO takes.

So we’ve looked for a solution that gives clear information and control to the consumer, but without ruining the experience of using our websites. Remember that Trinity Mirror has hundreds of different sites with different combinations of cookies.

I’m comfortable that we’ve achieved a balance that’s legal – and that we’re among the frontrunners in the industries we work in in terms of putting consumers in control.

Since the pop-up vanishes after a few seconds if the user does nothing, is it strictly compliant? Can you claim that users have given ‘overt and informed consent’ to the use of cookies? 

There’s a link on every page that explains how we use cookies and gives users the opportunity to control them (either directly or via links to relevant third-party sites). And we’ve put a LOT of work into tracking down links to information about browser controls and controls about individual cookies to add to that page.

To ensure users know what’s going on, we also display a popup for 12 seconds when you first visit our sites. So we’ve gone further than some of the ICO’s recent advice, I’d say, in terms of ensuring users know that we use cookies and know how to control them if they want.

Do you think the solution, including the further info on cookies used, conforms with the spirit of the directive? 

Yes. It’s about informed consent, and we make it clear how we use cookies and give users ways to control them. From what I know of what other news sites are doing, I think we’ll be leading the way in terms of helping users control what’s going on.

Do you expect many users to look into the cookie info provided? 

No, not really. In the course of deciding what to do, I’ve uncovered a lot of information about what cookies are used on my own computer.

A lot of it has surprised me, but none of it has motivated me to turn off a single cookie. Other people will think differently so it’s important they can act accordingly, and we give them a way to do that via our extensive list of links to controls on cookies.

But I think it’s a poor law. There’s no education about it (so it’s irrelevant to consumers) and it imposes a significant burden on businesses without any sort of clarity abut practical implementation.

Since the ICO has said it will adopt a light approach to enforcement, do you see any reason to strictly comply (meaning interruptive pop-ups and the ability to reject cookies on site)? 

I don’t think the law requires interruptive pop ups, it requires informed consent, and that’s not the same as an interruption. But we want our sites to be legal.

To ensure we are, we list many ways users can directly control cookies, even if not directly on our site. I think you’ll find we go a lot further than many sites, such as the government sites that have decided not to implement the law in time. 

What is the business risk if users reject cookies on the Mirror site? 

Users will get less relevant ads if they reject cookies and we can’t track how people use our sites. Ultimately websites will get less relevant.

I imagine if lots of people reject cookies aimed at improving the quality of sites, you’ll start getting popups saying “this website is crap unless you accept cookies. Click here to proceed”. I think we’re a long way off worrying about that though! 

Do you expect your competitors to comply? 

Er, ask me Saturday! Actually, the fact that Saturday is the deadline for compliance shows how ill thought out this whole thing is.

Who releases code to their website on a Friday or Saturday when it could go wrong – but when there will be no one in to fix it?

But I think you’ll find that the Trinity Mirror sites, from mirror.co.uk to dailyrecord.co.uk to liverpoolecho.co.uk, are at the forefront of compliance. And that we do more than Econsultancy plans to do …!!