Tuesday, 28 February 2012

E-Privacy Directive... The Return of the Pop-Up?

Pop-ups. We loved 'em.

Pop ups. Remember them? Universally loved and then hated by everyone who 'surfed the net' what seems like years ago now. Tons of those windows popping all over the place offering you the latest deals on this and that, poker to porn and some 'legit' things as well.

Then our saviour came riding around the corner. Pop-up blockers. Praise the lord. Then thankfully Microsoft, Mozilla and the gang built them into our browsers and the problem went away.

So here we are in 2012, steaming towards the 25th May when the EU E-Privacy Directive comes into force. Everyone is struggling with how to make their website visitors know they use cookies... so is this the Return Of The Pop-Up?

The E-Privacy Directive has been a force in law since 25th May 2011 but businesses, the government and anyone who had a stake in digital cried "We're not ready". So we all had a 12-month reprieve.

I've spent a few months now working on how to comply with the policy without doing 2 things:
  • completely disrupting the digital customer experience
  • losing sight of how the digital channel is performing

The Information Commissioner's Office (ICO) in the UK has issued 2 sets of guidance, the second set just before Christmas 2011. The guidance is useful but, as with all documents of this nature, it's not 100% crystal clear. Which leaves businesses having to interpret the guidelines.

The classification of cookies into essential and non-essential, for example, is open to some big interpretation. If I classed all my cookies as 'essential' and therefore not needing active consent to drop a cookie on a visitor's machine, who can disagree with me without doing a detailed technical audit of my digital infrastructure? I'm not sure exactly who is going to check anyway.

In theory I guess the ICO. There are 13.71 billion indexed webpages (not websites) on the internet according to WolframAlpha. Each of these has the potential to be an 'entry point' to a brand's website and drop cookies. Let's say 10% are owned by UK businesses, so 1.4bn web pages.

That is a lot of checking. Lots. Of. Checking.

Ok, there'll be prioritisation to that list - banks will get priority I'm sure :) - and automated tools to help but that is still a huge task to check and confirm whether a business is compliant or not.
Is yours clear?

A picture is starting to emerge on what solutions people are adopting but there is a sense of people also playing their cards very close to their chest. The 'I don't want to be first to move' syndrome that does remind me of DDA compliance many years ago.

So what will keep the ICO and others happy? Prominence is key. Very clear signposts when a visitor arrives anywhere on your site that you use cookies and how to find out more in your Privacy Policy. This is going to be essential for 25th May 2012.

Also clearly stating what cookies you use and whether these are essential for providing a service, or not. If not essential then you'll need to get consent. Oh, and you'll need to use a cookie to remember that consent. The ultimate irony.

In case you are wondering, the ICO deems all analytics cookies as 'non-essential' so you need to get consent to drop them. Which means you are likely to see a big dip across all your analytics measures. This is where I'm looking to Google, Adobe and others for a cookieless solution but am hearing nothing on that front at the moment. Help please guys??

I'm not sure we'll see many early movers on this. Google have had a lot of fanfare on their recent Privacy Policy clear up but that's not the same as meeting the E-Privacy Directive. I imagine the majority will go for clear prominence on day one and work things up from there.

1 comment:

  1. Phil
    I think this is bad legislation, badly implemented and quite frankly it should have had the same sort of resistance as the Digital Economy Bill/Act had (fat lot of good that did eh?).
    Unlike the accessibility legislation you mentioned, I can find nobody actually championing the EU Directive here in the UK except of course the Information Commissioner's office.
    However, large organisations can't simply adopt a "wait & see" approach, as nobody wants to be the first to be subjected to a fine up to £0.5 million and the public humiliation that comes with it.
    It seems that once again the digital industry, a hub of innovation and business growth, is being unnecessarily targeted and website owners and their agencies are left to pick up the pieces.