European regulation on the use of website cookies threatens the commercial arm of the internet
We’ve all been there; you’re perusing the internet looking for a new garden shed, a hotel room in Cancun, a new pair of trainers. You’re clicking through, having a gander, checking them out from all angles and then you move on.
But you can’t move on. Because that pair of trainers haunts you as you visit different sites. They tease you just within your peripheral vision, reminding you of their existence over and over as they dance on every page you visit.
This is the most extreme version of behavioural advertising and it all comes down to cookies.
“Cookies also allow much more tailored messaging,” says Paul Carysforth, partner at leading marketing and technology company, Amaze. “Sites can understand what you are likely to be interested in and advertising can be targeted the right audiences for that particular brand far more accurately.”
“This affects everyone that runs a website, from a big commercial site to a small website run by a hobbyist who puts pictures up about needlework”
Andrew McClelland, IMRG
But those trainers might not be following you for much longer if new EU regulations come into force.
“This affects everyone that runs a website, from a big commercial site to a small website run by a hobbyist who puts pictures up about needlework,” says Andrew McClelland, chief operations and policy officer at IMRG. “All will have to look for permission for cookies to be dropped.”
Of course, there is a big deference; our hobbyist won’t be using those cookies for commercial purposes or, as McClelland puts it, “they’ll get away with it because they won’t be doing anything
What exactly are cookies?
So what, you might ask, are cookies and what fancy tricks can we perform with them?
Cookies are small text files that a website sends to your computer when you visit a website. It assigns a unique reference number to your computer so that when you return to the site at a later date the website recognises you.
It’s basically like a memory for a website. You can set your browser to block cookies but, if you do so, using certain websites will be impossible because of the usability that cookies provide.
Third-party cookies are a step up from your average cookie. Some websites will pass your cookie on to a third party that will use your information to tailor ads to display on the page of the original website. Like those trainers following you around, for example.
This behavioural advertising and the passing around of the data from cookies has people most worried as it builds up a profile for each customer over time.
Cookies have been around for a while. So why all the palaver now?
Let’s get this straight, cookies cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities, a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.
“If you remove cookies you therefore lose one of the primary reasons why the internet is so attractive to marketers and advertisers”
Rob Richardson, sales director at Casis Media
McClelland believes it’s the widespread press about data theft that has stirred the EU into action – and with it, the slightly more reluctant Information Commissioner’s Office (ICO) – the UK’s independent authority on information rights.
It’s media, Jim, but not as we know it
Cookies are, arguably, a big reason why the online economy has witnessed the growth over the past ten years. Much of the innovation and job creation is being driven by the internet in this country and the government is aware of this and doesn’t want to stifle it.
“Cookies facilitate a level of measurement that no other medium such as print or TV can come close to,” says Craysfirth. “Subsequently, this has driven economic growth and generated thousands of jobs both home and abroad.”
Some of adland’s leaders are extremely worried, predicting the end of online media.
“If you remove cookies you therefore lose one of the primary reasons why the internet is so attractive to marketers and advertisers,” warns Rob Richardson, sales director at Casis Media.
“Many content-heavy sites which are expensive to run (such as The Huffington Post), suddenly become commercially unviable and close down.”
Clear as mud
The ICO has been charged with the implementation of the EU regulations and, according to many in the industry, they have been relatively pragmatic in their approach.
“The ICO understands the difficulties and is giving the industry plenty of time,” says McClelland. “It is between a rock and a hard place. It’s very hard for any regulation to keep up with the internet.”
One of the major complaints from the industry has been that the ICO’s guidance doesn’t go far enough to go through the steps that businesses need to take. This is even apparent from the wording on its advice page:
“[This guide] is aimed at those organisations which are starting to think about how they will comply with the new rules. It is a starting point for getting compliant rather than a definitive guide.”
From that announcement it would seem that the ICO is happy for companies to simply think about how they will become compliant, rather than implement harsh and potentially harmful changes immediately.
However, looking at the cookie announcement and “opt in” banner on the top of the ICO’s page it would seem that opting in could be the shape of things to come.
Or of course stick your head in the silicon
According to Michael Coyle, partner and technology expert at Lawdit Solicitors, the general reaction has been to do nothing at all.
“The underlying sentiment coming from my clients is that they don’t give a toss. We notified our clients of the changes back in May and expected a huge reaction, but very few have bothered at all.
“ICO is there to encourage people to ensure they are in compliance,” continues Coyle. “They are not there to hit people with stick. If you did a short poll of 100 businesses I bet you’d find that no one has bothered to comply.”
Well that’s not very encouraging. It would seem that these companies, having looked at the regulations and deemed them too onerous and commercially damaging, are waiting to see what happens.
Browsers to the rescue?
One of the theories being championed by industry experts i
s that browser technology is being revised in an attempt to enhance privacy settings and, therefore, take the onus away from individual websites. Individuals would merely need to adjust their browser settings to accept cookies.
“The policy of ‘wait and see’ referred to in the ICO guidance and government commentary suggests that the browser manufacturers are being pressed to find a technical solution by which browsers can be enhanced to meet the requirements,” argues Walker.
Is it wise to wait and hope that browsers will come to the rescue? McClelland doesn’t think so.
“The government is working with technology companies to make that possible but we don’t know if that will happen – companies that are not acting in the hope that this will happen need to rethink.”
‘Strictly necessary’: a way out?
There is a clause in the great cookie cull, which permits cookies deemed “strictly necessary”. An example of a necessary cookie is one used to maintain the contents of a shopping basket on, say, Amazon. But those hoping to use this clause to bend the rules might find themselves disappointed. The ICO describes it as “a narrow exception”.
Cookies across the pond
The regulations are being interpreted differently throughout Europe. Britain has been the most lenient so far, according to experts, although it has to be said only a handful of member states have actually implemented anything.
“The UK has been very good in getting legislation organised on time – other countries are running at little bit behind. But of those who have applied the new rules, the UK has taken the most liberal approach.
“Understanding what the true effects will be to the world markets…is impossible”
Dennis Dayman, chief privacy officer at Eloqua
Adland’s doom-mongers mention the Netherlands as a case in point.
“Since the date of the legislative proposal, the online-advertising industry has been very critical, fearing that the requisite opt-in consent could force users to click more pop-up windows while navigating the internet and damaging its business model.”
In the US, bills in congressional circulation have been drafted to cover much of the same stipulations of the EU Privacy Directive. The US, however, is primarily focused on requiring permission exclusively for third-party tracking practices – the EU directive, on the other hand, applies to all web operators.
Lights, cookies, action
The ICO has advised that website owners should make a list of all cookies and similar technologies being used on a website and how they are used. For each one, determine how intrusive that method is, i.e. does the information track people’s habits on your site, is the information used by third parties?
The future of cookies and the effect their regulation will have on the commercial arm of the internet is unknown. Technology and general awareness in the public about what cookies do will certainly grow and the journey that customers make to websites will soon have to change.
“As it stands today, many of the EU members have not been able to meet the implementation deadline because of concerns about how companies can become compliant in time,” explains Dennis Dayman, chief privacy officer at revenue performance management specialist Eloqua.
“So, understanding what the true effects will be to the world markets that rely heavily on e-commerce and how such requirements will possibly impact technology innovation is impossible.”
Dayman does, however, offer some advice – getting creative seems to be high up on the agenda.
“Already, there are companies providing online tools, education and services to help facilitate this process, but other less expensive alternatives include creative ways to encourage opt-ins like giveaways, leveraging free social media tools to build relationships with customers and prospects or establishing a referral program with existing customers.”
Hopefully this level of innovation and creativity shouldn’t be impossible for the UK’s inventive advertisers and tech companies. But for now there’s no way of knowing for sure which way this cookie will crumble.