Contact Us

Looking to start a beautiful new agency relationship?

If you would like to speak to us directly please call: 0161 786 8040, alternatively fill in the contact form and we will get back to you.

Where we are

  • 13-14 The Schoolhouse
  • Second Avenue, The Village
  • Manchester, M171DZ

The death of the cookie?

April 26th 2012

Jasper Ditton

Head of Digital at Marketecture, helping clients to achieve their business and marketing objectives using digital marketing channels. Starting as a developer, Jasper moved to strategic and operational client services roles 5 years ago and has worked with some of the UK's largest brands and a huge variety of public sector, B2B and B2C clients.

Website owners across the UK breathed a sigh of relief last year when The Information Commissioner's Office (ICO) announced it was giving businesses and organisations a year to “get their house in order” on changes to the Privacy in Electronic Communications Regulations (PECR).

This stay of execution before requiring organisations to gain consent prior to placing cookies on users' computers saw relief replaced with a short burst of optimism. Optimism that over the coming months, best practice pioneers on cookie regulations would emerge. Pioneers, from whom we could learn, develop and improve our websites.

But, rather inevitably, life seemed to get in the way.

No-one really came up with a comprehensive plan for cookies. No-one really got to grips with what required an opt-in and what didn’t. At times, even the messaging coming from the powers that be was confusing.

A year later, the cookie amnesty is coming to an end and unfortunately the vast majority of website owners are no closer to meeting the requirements of PECR than they were a year ago.

Cue the ICO reminding us that “this isn’t going away, it’s the law”.

It’s arguable that the time to act was a year ago (maybe even 18 months), but as it’s been a while since the initial excitement about the changes to cookie usage, it’s probably best to start with a quick refresher of the requirements…

This is about privacy, not technology

It’s not unfair to say that the general public (and indeed most b2b professionals) do not, on the whole, have a firm grasp of online privacy and security. You don’t have to think very long or very hard in order to find some stark contradictions between what people think and the way they behave. It’s normal to be apprehensive of things we don’t understand and the portrayal of ‘big brother brands’ mercilessly gathering up and selling on customer information has done little to reassure people.

The EU has acted to ensure that Europe wide, there is a consistent approach to how data acquired online is treated, whilst also looking to assure us that private information will not be mistreated. The legislation makes it a requirement that your websites are up-front about how cookies are used. With users now having to ‘opt-in’ to the use of cookies, where in the past they were asked to opt-out.  It’s no longer enough to provide information in your privacy policy about how to stop cookies being set; you now have to give users the ability to choose whether or not they want to allow cookies to be set at all.

But, and there’s always a but, you’re not required to obtain an opt-in for all cookies. The legislation states that “in instances where it is strictly necessary to do so for the functionality of the website and where that action is explicitly requested by the user” then no opt-in is required.

So, if a function or component of the website won’t work without a cookie – the shopping basket on an ecommerce site for instance – then no opt-in is required.  In addition to this, the UK Government has taken the view that cookies placed for analytics are “minimally intrusive” and therefore opt-ins for such will not be actively sought by regulators (have a look at this useful post on EConsultancy for more information).

So, what does compliance look like?

When the amnesty ends on 26th May  your websites will need transparent and prominent information on what cookies you use, whilst also giving users the ability to easily opt-in or opt-out.

As such, it would be sensible to run an audit on how your website currently uses cookies and what those cookies are designed to do.

  • Do they contain personal information such as a user’s email address?
  • How long do the cookies last once they have been placed?
  • Are the cookies 1st or 3rd party (are they placed by the website itself or by a partner website or service)?

Understanding all of this will help you to develop a strategy for gaining consent. Or, help you discover whether you need to gain consent at all.

If you do need to gain consent from your users, then there are a few different methods to ensure you’re transparent and prominent about your cookie usage.

  1. A pop-up dialogue box could load when people arrive at the website, telling users what cookies are applied, what they are for and allowing them to consent or not. Until the user has made their decision, they won’t be able to use the website. On the upside, this is an unequivocal opt-in. By enforcing the opt-in when the page loads, you’ve left users in no doubt of the cookie usage. On the downside, this is a very intrusive way of gaining consent and being transparent is quite likely to increase the bounce-rate on your website. See analytics one month hence for evidence!
  2. A status bar could be applied to the bottom of the website homepage or every page throughout the site. The bar would contain the site’s privacy policy as well as information about cookie usage and contain the opt-in options. This is far less intrusive than the pop-up option and allows users to browse the website freely, but it’s also easier to miss, and therefore an opt-in may never be obtained.
  3. A warning bar could be used in a similar way to a status bar and would appear every time the website tries to set a cookie. Users would simply accept or refuse the request within the warning bar and it’s quite likely that this sort of functionality will be incorporated into web browsers in the not too distant future. Just like the status bar, this is a less intrusive but potentially miss-able way of obtaining an opt-in.

If you are looking for a real-world example of implementation, then you could do worse than visit bt.com. They’ve devised a comprehensive, clear and concise system for obtaining opt-in and it’s a model that many websites could follow.

Our opinion

It goes without saying that the drive to improve online security and ensure the privacy of individuals is laudable and should be supported. But legislation which requires users to opt in to feature and functions they just expect to happen online, will potentially lead to them opting out of online activity through technological ignorance rather than a genuine decision to protect their data privacy.

In the short term this is unlikely to make the web a more user-friendly place and the smooth customer journeys that we’ve come to expect (particularly from e-tailers) could be damaged.

Ed Vaizey, Minister for Culture, Communications and Creative Industries has confirmed that the UK Government is liaising with browser manufacturers on how to improve browsers, increase the information available on cookies and make the job of managing cookies simpler and a lot more user-friendly. Also, as more and more people move away from desktop web-surfing and engage with online content through mobile devices without the use of a browser the need for internationally ratified privacy standards becomes apparent.

There’s a long way to go in understanding how this change will affect the web user's experience in the medium to long term, but these regulations are the law and compliance isn’t optional.

Download

Download our quick guide to the cookie requirements [111KB]