The EU e-Privacy Directive, or ‘cookie law’ has been causing quite a stir of late. The directive, due to roll out on May 26 states that all websites which use cookies must seek consent from visitors accessing the site before dropping cookies on their device.
What is a cookie?
Cookies are small text files which are stored on a user’s computer, tablet or mobile device. They hold a small amount of information about a user that’s specific to a certain website. When the user visits a website, the server accesses these cookies, essentially allowing the site to ‘remember’ the user.
Cookies are used by many different websites for many different reasons, but they’re most commonly utilised by e-commerce sites and web analytics packages.
For instance, sites that run Google Analytics issue cookies that allows the site to identify unique visitors. Amongst other things, this enables site owners to analyse site performance based on new vs. returning visitors.
Who is affected by the cookie law and what they can do about it
Put simply, the law applies to any site that sets cookies. From the 26 May, sites that set cookies must:
- tell people that the cookies are there
- explain what the cookies are doing
- obtain a visitor’s consent to store a cookie on their device
The requirement for sites to provide information about their cookies is not a new thing. However, whereas before a site had to provide people with the option to opt out of cookies being stored on their device, the new law states that a site must first obtain consent to store cookies on a user’s device, or ‘opt in’.
There are several potential methods that sites could use in order to display their cookie information and gain consent from its visitors, such as warning bars or status bars.
That said, there’s no ‘one size fits all’ solution here as every site is different. The aim should be to display a clear call to action while minimising intrusion to the user – easier said than done.
Real-life examples of how sites are approaching the compliance are few and far between (it seems everyone’s waiting to see what everyone else is going to do), but this post offers some good insight in to different approaches and associated implications.
Is the cookie law a good thing?
While some would wholly agree that the cookie law is a step in the right direction in terms of protecting privacy online, it’s evident that the vast majority believe the bad outweighs the good.
Econsultancy surveyed 700 marketers for their opinions on the EU cookie laws – here’s what they found:
Q. In your personal view do you think the EU e-Privacy Directive is a good / positive development?
A. 82% said no
When asked why not, there was general feeling that the new law would “kill” online sales and have a negative impact on user experience.
Q. Have you read the guidance from the UK’s Information Commissioner’s Office (ICO)?
A. 64% said yes
While the majority of respondents had read the ICO guidance, the majority felt it was fairly useless – “the blind leading the blind.”
Q. Has your company done an audit of cookie usage in preparation?
A. 54% said yes
There was a mixed response from this question; some respondents said that the audit actually improved site performance; others seemed to have no intention of carrying out an audit at all; and some felt this was a big ask for small businesses with no in-house technical knowledge.
Q. Do you have a clear understanding of the user interface options to get consent?
A. 61% said no
Exactly how websites will gain consent from users to store cookies is still unclear for many. What is clear is the concern that user experience will be seriously jeopardised. This comment sums the mood well;
“The option mechanics are simple enough. The issue is when/whether they should be used. They will scare people about something that is in most cases innocuous. Are we asking people that forcefully if supermarkets can profile shoppers, or if shops can monitor behaviour or if they are OK to be filmed on CCTV?
Do people really feel exposed and do they really understand how things would work without such business intelligence being gathered. Perhaps we should ask in the pop up “click here if you want to damage the economy, make the UK less competitive and risk unemployment and damage the UK’s position as a top digital economy”.
What next?
Love it or loathe it, the cookie law can’t be ignored.
First step is to run a cookie audit to check what type of cookies your site currently uses. You should then download read the ICO’s guidance on the new cookies regulations, assess how intrusive your cookies are and decide on the best solution for obtaining consent on your site.