Cookie Monster

The EU Cookie Directive Saga

31st January 2012 - 12 minutes read  General NewsLegislation
Luke Townsend - Marketing Director

As the deadline for compliance with the EU ePrivacy Directive fast approaches, the owners of every web property aimed at consumers here in the UK are frantically developing solutions. Or at least they should be, shouldn’t they?

As I write this I have surfed through a few dozen ‘household name’ retailer web sites and have seen no evidence of any of them attempting to get ahead of the game and implement a compliance solution to this regulation early. Maybe I’ve missed all the ones that have, and maybe the ones I haven’t missed have a solution ready to roll out come May. But somehow I doubt it.

So what is this directive thing?

Just in case you haven’t got a clue what I’m talking about I’ll summarise.

Nearly all websites use cookies. If you work in online, or are even a tiny bit digital, you are probably aware of these quite badly named packets of digital information. Cookies sit on your hard disk, placed there by the websites you visit as you shop, read, play, learn, and whatever else you do on the Internet. They are the reason Amazon for example knows what you bought and can suggest other products to you. They enable us to analyse the web sites we manage and see how long people spent on them, how many pages they viewed, and what you typed in to get to the site. They are the reason a website remembers what you put in your shopping basket and they are the tracking that enables a vast amount of digital marketers to prove their worth and earn their money.

So the ‘EU Privacy Directive’ or the ‘EU Cookie Directive’ as some are dubbing it, is asking that all websites dropping cookies of the intrusive kind (pretty much all of them) get consent from their visitors before dropping any cookies; meaning that (almost) every single site that drops a cookie will have to obtain consent by asking ‘Are you happy for us to drop cookies?’ or face a possible €500,000 fine!

This poses all sorts of problems for all sorts of people. What most of these people are scared of is that when presented with the option to turn off cookies, that users will take it. Thus leaving web publishers, online marketers and digital strategists everywhere; flailing their arms about wildly and screaming loudly about not being able to do their jobs.

Panic button

Surely this is mainly an education piece? If people knew that on the whole cookies do good stuff to make their journey across the web more pleasant and their experience of websites better then, they wouldn’t be so fearful of them.

So where has the fear come from?

I think that part of it harks back to the days of pop up banners, relentless email spam and websites with animated gifs of unicorns. The internet was, and to some degree still is, seen as untrustworthy and predominantly the domain of hackers, scammers, pirates, porn-stars and phishers. However we’ve come a long way since then, even your mum has a Facebook account now, and online shopping is becoming the norm and not just reserved for the geeks and the nerds. Not to mention the massive revenue it generates for the UK economy.

The trouble is that an element of online advertising is proliferating this image and potentially making this stereotype worse. You’ve probably experienced this, the feeling that a website is stalking you across the web. Maybe you looked at a pair of shoes on a website, possibly with no intention of buying them, and now everywhere you go that pair of shoes and similar ones appear on banners as you try and read the news or do your grocery shopping. This is called behavioral retargeting and most people get a bit spooked out by it, including me. People who are naturally a little bit suspicious see these banners and ads stalking them across the web and freak out in an anti-1984, ‘they’re all out to get me’ , cookie deleting rage, well I did the first time I experienced them anyway.

Don’t get me wrong, this is just advertising, done in the right manner behavioral retargeting could be really powerful. If the album I had just read two reviews of was later on in the week brought back to my attention with a decent discount; I would certainly be more likely to make a purchase, and it would almost definitely be more relevant to me than a traditional banner ad. At the moment however, in the way most companies are using it, its too broad and too general to work for me personally.

So back to the problem..

How do you inform users that you are using cookies on your sites in such a way as to not make them want to turn all of them off? And here is where all the debate is at: how far do we have to take our actions to comply? But if the big merchants aren’t complying, why should the little guys?

The regulations state that both first party (cookies dropped specifically by and for the website you are visiting) and third party cookies (cookies dropped by the website you are visiting on behalf of another website e.g. google analytics cookies) both need full consent from the website visitor before they are dropped. The only exceptions are likely to be cookies that are needed to make online shopping baskets work and security cookies like those used in online banking. So that leaves a whole lot more in the cookie tin that every website will need to ask consent about before dropping!

Pop-up warning

I have seen solutions ranging from the blatantly obvious drop down bar that appears and describes what each cookie is and what it does, to the discretely located sticker that rolls over to reveal the information. The problem here is that the guidelines are fuzzy and that the potential harm that could be done by a large percentage of users turning off cookies is huge.

Can we rely on the browsers to implement a solution in time for us not to act upon this? Put simply – No.
The ICO makes it clear that ‘relying on browser settings will not be sufficient’ and even if the browsers implement a solution, getting everyone on those browsers will take time. Implementing a different solution for specific browsers will get messy and fiddly.

The stats out there are quite frightening, the ICO’s own website shows this opt-in message at the top of its website (dare I say not really designed with much thought about conversion behind it).

ICO warning

This graph courtesy of Vicky Brock, @brockvicky shows what is likely to happen to web analytics if you implement that solution!

ICO traffic before and after

For affiliate publishers, performance marketing agencies and networks alike the above is a very scary thought. If even half of this kind of drop off in cookies was across the board it would be disastrous. No cookies = no commissions = no jobs?

What can you do?

So the race is on to find a way to comply with the minimum impact, and to educate the world (or at least the UK) about the real positive value of cookies.

Videos like this certainly help.


How can cookies make your surfing experience convenient?Explania


The big cookie contest Explania

After this directive becomes active I think the worst offenders of the biggest sites will be the ones who will potentially be targeted and fined, if any. You would hope it won’t be Joe Bloggs with his small blog on fly fishing that he has put Google analytics tracking on. But everyone in-between should be looking to at least show that they have in some way tried to comply with these rather harsh and potentially damaging new regulations.

So what are we going to do? The responsible thing… as little as possible, but enough to show that we are willing to make an effort to comply. Then we’ll watch the big boys and see what they implement, one of them is bound to get it right, and one or two might just be made an example of by the ICO. Interesting times ahead.

Interesting related articles:

http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-25th-may-and-what-it-means-for-you.html
http://blog.silktide.com/2011/05/cookie-law-makes-most-uk-websites-illegal-what-you-need-to-know/

Helpful Advice:

http://www.iabuk.net/blog/reminder-of-the-ico-advice-do-a-cookie-audit-start-planning

Regulation guides:

http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/cookie_rules_prepare.aspx
http://www.cookielaw.org/media/2398/eu_directive_published_version.pdf

Cookie Monster image courtesy of the excellent ssoosay http://www.flickr.com/photos/ssoosay/