The Way the Cookie Crumbled – No Need for Site Owners to Grumble?

Notice: Undefined variable: post_id in /home/foundco/public_html/wp-content/themes/pivot-child/inc/content-post-single-sidebar.php on line 48

The Way the Cookie Crumbles

On a weekend when most of the UK was scorching hot without a cloud in the sky, the EU cookie law deadline came and passed. The BBC reported it on the radio in the morning and for many the park picnic had to wait. I found myself surfing around different publisher websites reading pretty much the same sentence over and over again in many different shape and size boxes.

On the eve of the regulation coming in to force a dramatic late twist left most web site owners able to sleep easy. With not quite as much drama as a Champions League final penalty shoot-out, but as far as EU cookie law goes pretty exciting stuff, the ICO made a late amendment to its guidelines.

Implied consent was now in the ICO’s own words ‘certainly a valid form of consent’ which definitely came as a relief to many. Some of the big website owners had shown their hand already, being a good example, and many people had hoped that this style of implied consent solution would be enough.

Our own testing of an implied consent solution found it to be far less damaging to analytics and tracking than the prior consent solutions we also tested.

The problems with ‘prior consent’ cookie solutions

The above graphs show three different prior consent solutions being tested. The green showing the number of consents, the red the number of those not wanting cookies, and the orange is those that did not get drawn into a decision at all.

We trialled three styles, each with the same messaging, a pop up style, a header drop down style and a footer drop up style, the bottom graph showing the total actions across all three styles.

As you can see orange (no decision) dominates the above pie charts. The left hand pie refers to the pop-up style notification, which greyed the site behind whilst it was shown and had no obvious way to dismiss it. Almost forcing a yes or no on allowing cookies. With this style we obtained a better rate of engagement but even here users found a way to by-pass making a decision (in this case clicking outside the window).

Different messaging didn’t make a very noticeable difference, certainly not a big enough one to give us a prior consent solution we could realistically run with.

Don’t make me make a decision

The bottom line seemed to be that website users, regardless of how you presented the information to them, overwhelmingly chose to avoid making any choice on cookies. They instead preferred to carry on regardless, closing the box or where that wasn’t possible continuing, despite their experience being impaired by a cookie information panel.

This lack of interaction from the user really surprised me. We could see from analytics that these same group of users were clearly capable of operating sophisticated filter panels when shopping, or able to navigate to the least accessible parts of a website if it contained the content they were after.

My own theory is that this is a hang up from the days of dodgy pop up windows that opened a dozen more if you tried click to close them. It would certainly be interesting to compare the data we have gathered against data from a huge, well known and publicly trusted site to see if this decision making apathy is connected to brand trust.

ICO Changes it’s stance on ‘Implied Consent’

This reluctance from users to make a decision either way on cookies and lack of interest to ‘find out more’ meant that the ‘prior consent’ solutions, that until the eve of the deadline seemed the only truly compliant ones, were about to become a necessity. This really scared the pants off anyone interested in analytics data or tracking their user behaviour. Digital marketers, sites using behavioural re-targeting and everyone with a Facebook or Twitter counter on their page was clearly in breach of the regulations without obtaining ‘prior consent’ to drop the relevant cookies. With ‘prior consent’ we were looking at losing 9 out of 10 cookies, and frustratingly not because people were clicking NO but because they weren’t making any choice at all!

The complications didn’t stop there. To implement any solution that offered the user a ‘I want these cookies but not those cookies’ choice was a technically difficult one, especially with some website frameworks and CMS solutions. Even once past that, what results is information and decision overload. The audience is not engaged, they are frustrated, and just want to get on with their shopping. Thus creating another reason for them to leave the site without a making a purchase.

It seemed that at the final hour the ICO saw some sense and realised what the potential damage was to a group fruitful and growing industries. ‘Implied consent’ is now an option and although it still comes with it’s technical challenges, is a solution that hopefully strikes the right balance between educating web site users about cookies and allowing marketers to continue to do the good work they do.

A good way to teach people about cookies?

In conclusion it’s been a bit of a roller coaster. Most of us thought the regulations were OTT and ignored them for a while, waiting for clarification or someone else to lead the way with a clever solution. Then most of us scrambled around at the last minute making sure that we were as compliant as we could be.

Testing various solutions out certainly gave me a real insight into how difficult prior consent would’ve been to achieve without losing almost all visibility on tools like Google Analytics.

It has however left me wondering if the cookie education piece that is clearly needed here should be the responsibility of the smaller individual website owners, especially as the same message will be repeated time and time again over hundreds and hundreds of sites.

Should there not be some responsibility on the the big guys who have the biggest audiences, not to mention some of the much more intrusive cookies, to do their bit to educate about cookies? A well positioned message from Facebook, Apple, Google, Microsoft or even Mozilla would have the reach and perhaps more importantly the authority that the smaller publisher can only dream of.


Cookie Monster image courtesy of the excellent ssoosay