💾 Archived View for gmi.noulin.net › mobileNews › 3224.gmi captured on 2023-06-16 at 19:38:16. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
2011-07-08 04:45:14
By Michael Millar Business reporter
By any yardstick the implementation of the EU's Privacy and Communications
Directive by its member states has been poor.
This is the 'cookie law' that governs what information a web site can collect
on its visitors without explicitly asking them if it's ok.
When the deadline to implement it passed in May only Estonia, Denmark and the
UK had taken steps to bring it into law.
Denmark has now decided to puts it draft rules on ice indefinitely and the UK
has given firms a year to comply.
To give the UK's Information Commissioner's Office its due, its guidance on the
law is probably the most comprehensive of any member state so far.
Internet stalking
This Directive was born of consumer concerns upon finding adverts for a
particular product they had previously looked at mysteriously appearing on
subsequent sites they visited.
This led to an outcry as people realised they were basically being stalked
around the internet.
And who was this sneaky perpetrator? Cookies.
Most cookies perform basic functional tasks like storing your login details or
personal preferences.
The perceived villain of the piece was 'third party cookies'; the ones that
enable companies to work out what you like and what you might want to buy, thus
allowing them to tailor their marketing to you.
So the Directive was drawn up which divided cookies into those which are
'strictly necessary' for a service being provided and others, which will
require consent from users.
Confusion
This has caused uproar, particularly among Europe's marketing community, who
are thoroughly confused.
Matt Isaacs Matt Isaacs, CEO of Essence, says there's confusion in the
marketing community about the new laws
Matt Isaacs is CEO of Essence, which develops and places online advertising for
brands such as Google, eBay, eHarmony and YouTube.
"Some are suggesting that it means nothing more than making users aware of the
standard security options within their browsers, while others believe it means
users need to be proactively alerted of each and every cookie ever placed on
their machine," he says.
The problem is the definition of 'strictly necessary' is very narrow, says Ben
Allgrove, partner at the international law firm, Baker & McKenzie.
He believes the term would cover a cookie that enables an online shopping
basket to function, but it would not cover a cookie that remembers you prefer
your website in English rather than French
"This law can't be complied with in any sensible way," Mr Allgrove says.
"If you had full compliance you'd have pop ups coming up all the time asking
for consent; consumers hate that and most web browsers automatically block the
pop ups anyway."
Lifeblood
Marketing professionals argue cookies are misunderstood and most actually
enhance the consumer experience, allowing people, for example, to be directed
to a Hilton hotel rather than Paris Hilton. (Or indeed, vice versa.)
Paul Carysforth is a partner at Amaze, which runs online marketing campaigns
for companies like Unilever, Lexus, Toyota, Coca-Cola and Dyson.
He says cookies are the lifeblood of an online business and restricting them
will do more than just interrupt consumers' while they are online.
Start Quote
Cookies are the primary means by which all online businesses determine the
return on their investment
Paul Carysforth Amaze
"Cookies are the primary means by which all online businesses determine the
return on their investment," he says.
"Without cookies it would be almost impossible for companies to understand
their ROI and in particular isolate which strategies are delivering a positive
return, and which would hamper investment and innovation."
Slightly more optimistic is Ben Cooper from Tullo Marshall Warren, which has
created online campaigns for the likes of Lynx, Guinness, Nissan and Sony
Ericsson.
He says there is a new challenge for marketers.
"There is little value in communicating with individuals who are patently not
engaged or interested," he says.
"With the changes in the cookie legislation we are now faced with trying to
convince individuals that there is indeed value in sharing their information
with a particular brand," he adds.
Mr Cooper says there could be something of a return to 'the good old days' of
marketing.
"In some sectors, notably financial services, there has already been a
resurgence in the use of direct mail where, for some products and services, the
returns can be measured more accurately and the targeting has improved," he
says.
Prior consent
What will test companies operating across Europe perhaps the most is just how
much 'prior consent' will be required by regulators before a consumer is judged
to have accepted cookies.
Have your cookie and eat it
Identify what cookies you use currently
Assess the necessity and intrusiveness of those cookies
Make clear and prominent disclosures on your websites about cookie use
Consider potential strategies for giving users' effective control over cookies
Focus on cookies that are more privacy intrusive, they attract greater
compliance problems
Here things get more confusing than ever as the 27 nations of the EU have
differing ideas.
"In the Netherlands there is discussion about whether consent must be
'unambiguous', which might make browser settings - a convenient way of getting
consent - less likely to be acceptable," says Matthew Norris, global head of
technology and media at the insurer Hiscox.
"German and French legal commentators use the term 'opt in' and that is more
draconian than the UK, where the Information Commissioner's Office has
specifically said that UK law does not amount to a requirement to opt in," he
says.
There is talk in some places of a 'double opt in', where consumers would have
to click on two separate links to give their consent.
European divide
Eduardo Ustaran, a partner in Field Fisher Waterhouse's privacy and information
group, says early signs are that member states will fall into one of these two
camps - those that impose a strict 'opt in' consent requirement and those that
recognise the ability of visitors to express consent through, for example,
appropriate browser or other application settings.
Mr Ustaran believes a double click policy "would be fatal to online commerce".
Many are waiting for the browser companies to ride to the rescue with enhanced
security settings that will allow consumers to weed out the cookies they do and
don't want.
The strain of enforcement could be very big on the regulators.
"There are millions, if not billions of websites in Europe and the world
accessed by UK citizens," says Richard Dennys, chief marketing officer at Qype,
Europe's largest consumer reviews site.
Ben Allgrove Baker and McKenzie's Ben Allgrove says taking a wait and see
approach is not enough
"Will the UK be issuing legal proceedings against non-UK websites which are
accessed by UK citizens? How many prosecutions can they handle per year? Will
there be test cases, then appeals, then what?"
But Ben Allgrove from Baker and McKenzie says a 'wait and see' approach will
not suffice as regulators are empowered to hand out big fines and cause big
dents in brand images.
"Enhanced browser controls may not happen and you can't palm off your
obligations to a browser manufacturer," he says.
Eduardo Ustaran is advising clients to identify all their cookies, assess their
necessity (for the functionality of the site) and intrusiveness, make clear and
prominent disclosures on their websites about cookie use, and consider
potential strategies for giving users' effective control over them.
Back to school
The cookie law was pushed through to satisfy a public that was suddenly aware
their privacy was at risk, even if they weren't sure how.
Essence's Matt Isaacs thinks it is time consumers were educated as to what
cookies are and how organisations use them to enhance a user's online
experience.
"This obviously requires an industry wide acknowledgment and commitment to
consumer privacy, but also a focused approach to educating consumers about
online privacy and when it's safe to release personal information online," he
says.
But as yet there is no co-ordinated approach from industry on either of these
and unless it comes soon it might be too late; the horse will already have
bolted and be causing traffic chaos on the internet super highway.