Cookie Legislation - Why all the resentment?

The new European Directives and resulting UK legislation, designed to protect users’ privacy and personal data as they move about the web, has turned out to be much more than a simple clampdown on cookies. It’s about cleaning up the internet so that customers no longer have to worry about who’s watching them and why, and brands don’t need to worry about betraying their trust. So, why all the resentment?

For all the uproar about the Government’s clampdown on personal data collection via the web, the move can only be a good thing for internet-based businesses, rebuilding consumers’ confidence in what they do online. Judging by the resentment being exhibited across the industry towards the regulations, it may take time for many companies to realize this.

Technically, from the point at which the UK’s new statutory regulations came into force on May 26th this year, any website that stores data about a visiting user on their computers, without having gained informed consent in advance, will be doing so illegally.

But what has really put the cat among the pigeons is the depth to which the new rules go. While the expectation had been that website owners would merely need to be more proactive in advising users to manage their browser settings, the actual requirements are a great deal more substantial. The ICO has placed the onus firmly on the company to gain each user’s express permission before being allowed store or read any information on the users device (PC, table or ‘phone).

The Government’s last minute decision to “defer enforcement” for a year allows a more realistic timeframe for implementation to take place, and recognizes the significance of the implications of the legislation. It also extends the opportunity for enhancements in browser technology to address the cookie consent issue – but this may not provide a complete solution (as the ICO’s (Information Commissioners Office) commentary already explains). Couple this to the fact that the implementation of the EU Directives will vary by country, and most on-line retailers operate in an international environment, and you are left with the inescapable conclusion that “sitting and waiting” is probably not a realistic option for most web site owners. So we need to consider what the legislation is seeking to achieve, and how site owners might best respond.

Informed consent

Specifically, companies are now banned from storing or retrieving information on the user’s PC or mobile without the ‘prior, informed consent’ of the user for any purpose that is not “strictly necessary for the provision of the service requested by the user”. The government is clear that this exception must be very narrowly interpreted, meaning that any use beyond simple “basket remembering” types of use will require consent.

So any use from web analytics, optimising site content, to remembering preferences or analyzing their browsing habits and what they put in their online shopping basket will require ‘Informed consent’, and this means that the user must agree to the data (probably some form of cookie) being stored and confirming that they agree to the way in which their data will be used. Making the case for the indiscriminate use of Google Analytics, may well be quite tricky!

While there will be a grace period while website owners get their houses in order (the industry was only made aware of the full requirements on May 10th), the potential penalties for non-compliance are significant. Provision has been made for fines of up to £500,000, while the negative PR associated with flouting the rules and ignoring customers’ privacy could put companies out of business.

Clearly, the severity of the measures has come as a shock to the industry, which is reeling from the additional demands that now fall to web owners and managers. Bemoaning the clampdown will only create a lot of hot air, however. Ultimately, the brands have no choice but to absorb and respond to the new requirements. A better approach, then, would be to see the positive in the situation.

Showdown time

Celebrus is not worried by this legislation, we have been engineering compliance into our products for some years and advocating mature and careful consideration of users privacy, preferences and data. When the intentions of the regulations are considered, the measures are sound and reasonable. Just consider that the internet in its current state is like the Wild West: as innovators continue to push the boundaries, anything goes. Questions about acceptable behavior only come later. In this case, the trigger has been the widespread realization of just how open (potentially to abuse) users’ proffered information has become. Currently, a whole host of personal data is being collected without users’ knowledge, which is sinister at best.

Few could argue against the need for a clean-up, for the introduction of greater controls and better protection for web users. Web-based analytics software is frighteningly sophisticated now. Consumers are becoming increasingly aware of this through the disconcerting way in which marketing is being targeted at them, not to mention the significant media attention these practices have attracted.

Some of the press coverage of this subject to date has wrongly assumed that the new legislation is a crackdown on cookies, but it is not. It is not only more comprehensive than that – encompassing all methods of storing data on a client device – but it also actively allows for the use of cookies in circumstances where this is felt to add value. For example, cookies can be used to help companies remember where user permission has or has not been given, so that this does not have to be repeated. But cookies that collect data for marketing are not essential, and so must be consented to.

Embracing positive change

Hindsight is a wonderful thing, and it won’t be long before the current change in legislation seems logical, if not long overdue. Today, no one questions the legal clampdown on pyramid selling schemes that caused a lot of people to lose a lot of money not so many years ago. Looking back on the situation, it’s now hard to believe that the practice was ever legal; in retrospect, the clampdown was inevitable.

In a couple of years, we will look back at the new data privacy measures in the same way. The benefits will be a cleaner industry for all, and greater buy-in from customers as improved transparency helps to restore their confidence in doing business online. However the industry feels about the new restrictions, they are the best measures we could have hoped for, and the positive benefits to all will far outweigh any inconvenience involved in making a few simple adjustments to existing web activities.