We have been aware of it for almost a one year, but unfortunately the lawyers in EU headquarters are not changing their minds as we secretly hoped. The new EU data cookies law will be effective from 26th of May 2012 in the UK, but very rare companies have done something about it. Now we only have two months left.
What is a Data Cookie?
Cookie is a small file that is downloaded onto your device when you access a website, and it sends your information back to the site once you access it again. Cookies are used in most of the websites – for example, eCommerce site stores delivery details to fasten the checkout, Google analytics (one of the most common cookies) uses cookies to provide statistics for the website owners, and Google also uses them in Google search to provide more personalized search results and adverts.
The reason why cookies are so important for companies is the statistics and results they provide. These allow website owners to analyze the data and take actions to optimize the website performance. Marketers also need the results to justify the digital investment for the top management and investors.
What is the New EU Data Cookies Law?
The European Union Cookie law – or the Privacy and Electronic Communications (EC Directive) Regulations 2003 – was created to assure that website users have a choice whether the website can collect their information or not.
It means that cookies or similar devices must not be used unless the website subscriber or user:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
However, device finger printing as a way of user identification is allowed.
What does the EU data cookies law signify for companies?
From May 26th 2012 companies must inform users about the cookies on their website, what the cookie is doing and ask actively users permission to use that cookie. Besides websites, devices like mobile phones, internet-connected TVs and gaming consoles require the same level of compliance.
How this is done in real life without spoiling the user experience? Well, that is a good question.
If the user does not give permission to use cookies, companies will have no track record of their visit, which means that visitor numbers are going to drop record low. It will also be extremely difficult to track website and campaign performance. Not only there is a great quantity of own and third party tagging, but do not forget the quantity of embedded YouTube videos, widgets, social log-ins, plug-ins etc. which also want to use cookies. Who will explain the Facebook cookies – the website owner or Facebook?
How to ask users permission to use cookies?
There are not many examples how companies are asking users permission to use cookies in real life. This is most probably because companies do not want to add an annoying message to their website until they absolutely have to. And of course companies prefer seeing what competitors are doing first and then possibly copying the message to their website. Of course the Information Commissioner’s Office (ICO) website had to provide an example. Not a great one to be honest, since if user ignores the message and does not click “accept” you cannot track them. It meant that ICO’s analytics data regarding the unique visitors dropped 90%.
There are however few options, such as:
- Modal dialogue box, which explains in detail what cookies are on the site and what they do. It is shown as a layer and does not allow user to interact with the site until they opt-in or opt-out
- Status bar, which appears in the top or bottom of the page. It informs users that cookies are used on the site and user needs to opt-in or opt-out to close it.
- Warning bar, which appears every time the website wants to use a cookie asking user to either accept or decline it.
How this is implemented in mobile, TV or tablets? I do not know. Maybe one option is to start by having a link advicing users of the new privacy policy, which then leads to a page explaining in more detail what the cookies are, why they are used, how they improve the site functionality, and explaining how the user can disable them in their browser (if they really want to).
Whatever you do, it is not worth waiting for 26th May 2012 to see what competitors are doing or you might risk a 500,000£ fine. It is better to start thinking and experimenting with AB testing now before it is too late. Of course usually the government does not act until someone complains – but do you really think that some of your competitors would not be happy to tip you off?
