With all the speculation surrounding the EU’s Directive on Online Privacy it’s easy to lose perspective about getting compliant and forget that all we are being asked to do is talk to consumers about what we do, how we do it and why.
It is the manner in which we ask permission to continue using cookies and other tracking technology that is up for discussion. No one is suggesting there is a one-size-fits-all solution. The onus is clearly on the website owner to become more transparent.
Over time, companies with an indirect relationship to the consumer, like ad networks, will need to develop their own approaches. Browser manufacturers may also well have a role to play.
Keeping track of developments in the ePrivacy Directive and advice on becoming compliant is almost a full time job. The latest guidance from the Information Commissioners Office (ICO) takes a major step forward in recognising the validity of implied consent mechanisms – which most companies vastly prefer rather than having to obtain explicit consent as soon as a user clicks on to a site and cookies are set - subject to there being clear, prominent data collection notices and real control for the user.
The report outlines the importance of ensuring the user is aware of what cookies are, how they work and what they are being asked to consent to: "A reliance on implied consent in any context must be based on a definite shared understanding of what is going to happen – in this situation a user has a full understanding of the fact cookies will be set, is clear about what cookies do and signifies their agreement."
So who’s doing what? Which transparency solutions will fit your business best?
Some big advertisers and advertising networks, including AOL and Google, have begun placing recognisable “Ad Choices” icons on any ads that deploy tracking technology. The ‘AdChoices’ icon has been adopted as an instantly identifiable communication tool in the US, where Evidon is the market leader in powering more than 200 companies’ compliance. It is quickly finding favour in the UK and Europe too where Evidon clients are in wide deployment. When clicking on the icon, users will be presented with clear and easy-to-understand information about cookie usage.
Pop-up windows and Barrier Page overlays are one of the simplest and most likely methods of attracting the user’s attention and gaining consent. There is dissent among the ranks at the immense potential for annoying and alienating consumers through incessant pop-up headers and check boxes. Though, regulators seem to be grasping that demanding the implementation of endless, annoying pop-ups each time a website wishes to set a cookie will be to the detriment of everyone.
Any website that displays third party advertising also needs to get a handle on what tracking code is on their sites and the cookies these companies tracking code is placing on users browsers. In the future, compliance will need to be built in to contracts with third-party web service providers and marketing analysis firms.
This will take time, and third-party firms will still need an independent strategy for ensuring that their tracking is compliant across all sites where their tags appear, regardless of contract status. The ICO recognises the extra complications involved in obtaining consent in this instance, and is working with the industry and European data authorities to assist in addressing concerns.
While it is in the industry’s interest to give the user a choice and hope that their response is favourable, there is creeping support across the EU Commission on the Digital Agenda for Europe for the emerging DNT (do-not-track) technologies. These technologies would be applied across all networked devices and applications and to all types, and purposes, of tracking. Anytime a device makes a network request it will be accompanied by a notice categorically stating that the user does not wish to be tracked.
This blanket ‘no thanks’ approach is all well and good, and demonstrates clearly a user’s preferences. But, for that user to be truly in control of their browsing experience, surely they need to be properly educated on the positive, and perhaps hitherto unknown ways cookies enhance their browsing experience? If, after that, they make the decision to decline all tracking activity then at least they do so with a modicum of understanding and acceptance that that their internet engagement will be rather different going forward.
Evidon owns one of the most popular preference management tools, Ghostery, which has been downloaded more than 5 million times worldwide. Ghostery provides the complete “no thanks” functionality, but also enables the consumer to make an informed choice across more than 800 tracking companies. Our experience helping consumers make decisions about tracking suggests that blanket ‘on/off’ statements tend to have unintended consequences, and that informed, granular decisions are much more productive for all involved. It is our hope that do-not-track technologies will evolve to meet this requirement.
There are multiple routes for companies to take on the road to tracking transparency and we will see tremendous innovation in this area in 2012. While the choices can seem overwhelming at first, keep in mind that deciding to break the silence is the most important decision.
Evidon will be hosting a panel on Web Privacy at SXSW: Sex, Lies and Cookies: Web Privacy EXPOSED! Mon 12th March, 12.30 - 1.30pm at AT&T Conference Hotel, Salon B.
Photo (cc) jaygoldman.