Thursday 15 March 2012

6 Things You Need To Know For E-Privacy Directive Compliance

I posted my thoughts on the E-Privacy directive a few weeks ago. I thought I'd try to distill this further in to the 6 key rings you need to know, and do, in order to be on the right track with the E-Privacy Directive and compliance on 25 May 212.

Most people in the digital world are not a fan of this. Obviously. 82% of digital marketers think the EU cookie law is bad for the web. But that's like forresters in Brazil if chopping down trees is bad for the environment. I think there's 6 things that can help you meet the guidelines come 25 May.

1. Understand it. The Information Commissioners Office has set the guidelines we need to adhere to. Read them and understand them. They will need to be interpreted in your business and this can take time so do this know.

2. Know what your 'essential' and 'non-essential' cookies. It will mean the differences between asking for consent and not. Be transparent about what cookies you are asking content for.

3. Be Prominent. Paying lip service to E-Privacy won't work and the ICO will want to know what you are hiding and why.

4. Create a transparent Privacy Policy. Be explicit in saying what cookies you do use and what you don't use. Say clearly why you use them and the benefits for the visitor and you. Also make it clear how to remove cookies; many people won't have a clue how to do this.

5. Cover all customer journeys. Don't just put a pop up or accordion on your homepage. Visitors can, and will, enter your website from any page, be that a Google search or a bookmark they have made to one of your pages or services. You need a prominent message on every part of your customer journey.

6. Test the prominence of your message. User test the design ideally before you launch it. You can do this with paper wireframes and friends in the office. Once built, use your usability agency to help test or quick feedback use a free tool from someone like  Click Density (their product is great).

Tuesday 28 February 2012

E Privacy directive....The Return of the Pop Up?


Pop-ups. We loved 'em.

Pop ups. Remember them? Universally loved and then hated by everyone who 'surfed the net' what seems like years ago now. Tons of those windows popping all over the place offering you the latest deals on this and that, poker to porn and some 'legit' things as well.

Then our saviour came riding around the corner. Pop up blockers. Praise the lord. Then thankfully Microsoft, Mozilla and the gang built them in to our browsers and the problem went away.


So here we are in 2012, steaming towards the 25th May when the EU E-Privacy Directive comes in to force. Everyone is struggling with how to make their website visitors know they use cookies....so is this the Return Of The Pop-Up?

The E-Privacy Directive has been a force in law since 25th May 2011 but businesses, the government and anyone who had a stake in digital cried "We're not ready". So we all had 12 month reprive.

I've spent a few months now working on how to comply with the policy without doing 2 things:
  • completely disrupting the digital customer experience
  • lose sight of how the digital channel is performing
The Information Commisioner's Office (ICO) in the UK has issued 2 sets of guideance, the second set just before Christmas 2011.  The guideance is useful but as with all documents if this nature, it's not 100% cyrstal clear. Which leaves businesses having to interpret the guidelines.

The classification of cookies in to essential and non-essential for example is open to some big interprtation. If I classed all my cookies as 'non-essential' and therefore not needing active consent to drop a cookie on a visitors machine, who can disagree with me without doing a detailed technical audit of my digital infrastructure? I'm not sure exactly who is going to check anyway.

In theory I guess the ICO.  There are 13.71 billion indexed webpages (not websites) on the internet according to Wolframalpha. Each of these has the potential to be an 'entry point' to a brand's website and drop cookies. Lets say 10% are owned by UK business so 1.4bn web pages.

That is a lot of checking. Lots. Of. Checking.

Ok, there'll be prioritisation to that list - banks will get priority I'm sure :) - and automated tools to help but that is still a huge task to check and confirm whether a business is compliant or not.
Is your's clear?

A picture is starting to emerge on what solutions people are adopting but there is a sense of people also playing their cards very close to their chest. The 'I don't want to be first to move' syndrome that does remind me of DDA compliance many years ago.

So what will keep the ICO and others happy? Prominence is key. Very clear sign posts when a visitor arrives anywhere in to your site that you use cookies and how to find out more in your Privacy Policy. This is going to be essential for 25th May 2012.

Also clearly stating what cookies you use and whether these are essential for providing a service, or not. If not essential then you'll need to get consent. Oh, and you'll need to use a cookie to remember that consent. The ultimate irony.

In case you are wondering, the ICO deems all analytics cookies as 'non-essential' so you need to get consent to drop them. Which means you are likely to see a big dip across all your analytics measures. This is where I'm looking to Google, Adobe and others for a cookieless solution but am hearing nothing on that front at the moment. Help please guys??

I'm not sure we'll see many early movers on this. Google have had a lot of fan fair on their recent Privacy Policy clear up but that's not the same as meeting the E-Privacy Directive. I imagine the majority will go for clear prominence on day one and work things up from there.