Home
Our services
Clients
Insight
Our people
About us
Careers
Blog

Cookies update

Contact
Home > Blog > Cookies update
Foolproof

Cookies update

By Meriel Lenfestey on 25 April 2012

Most people (apart from me) find the EU Privacy Directive a little dull… but there’s no denying it is an important issue for all our clients. We’ve been helping some of our clients walk the fine line between compliance and commercial reality.

In January I wrote a blog post – ‘EU cookie directive could make the web less accessible for all’ – in which I highlighted some challenges and concerns around the guidance issued by the ICO.

I stated that it contradicted itself and that the interpretation of the law was inflexible and unworkable for businesses. At the heart of the law is the need for “informed consent” for the storage and retrieval of information on an end user’s device.

The guidance explained that the need for information to qualify as “informed” recognised the varying intrusiveness of cookies and allowed for a proportional approach, but that the action required to create “consent” didn’t have a similar flexibility. However, the examples presented contradicted this by illustrating inferred consent solutions and suggesting collecting consent after placing cookies without explaining when this might be appropriate or how it could be deemed compliant.

This has driven a lot of debate within organisations and amongst digital professionals, as well as a lot of very different solutions ranging from fully compliant, prior explicit consent in the form of light boxes or avoiding placing cookies until consent is given; through to opt out statements in barely visible banners.

Reading between the lines of the ICO guidance it is clear they will focus enforcement energies on cases where no appropriate effort has been made to make users aware, and even then they will be reasonable in encouraging and allowing time for upscaling the response.

Our advice to clients is to understand the spirit of the law and then interpret it in a way which maps to the level of risk the organisation is prepared to take and the context of the business. Here are three examples:

  • For a highly risk averse company in a domain in which building customer trust is paramount, such as financial services, this means a more explicit consent route, e.g. interupt the user’s experience to inform them using a light box or overlay, and offer a clear choice, making accepting cookies the path of least resistance.
  • For a less constrained company dealing with non-intrusive cookies, such as the Foolproof site, it means focusing on informing and using an inferred consent route.
  • For any company using cookies to track behaviour and target promotions, it means accepting that this is the area the law is aimed at, and taking extreme care to demonstrate that you are being open and transparent – and that your users are therefore informed. We believe that clearly stating the benefits that cookies provide to users, indicating where content is affected and offering clear instructions on opting out is enough in most cases. The ICO’s response to the Digital Advertising Alliance’s self regulatory framework, most likely recognised as the Adchoices scheme, illustrates that this is a compromise they accept is more commercially viable than seeking explicit consent for tracking cookies.

    To summarise, we recommend focusing on taking reasonable steps to avoid enforcement rather than full compliance – at least in the short term until it’s clear how companies and the ICO will respond.

    We’re continuing to work with our clients to find the right solutions for their business. Contact us to see how we can help you.

    What do you think?
    25/04/12 Pete said:
    One big problem is third party plug ins such as Facebook Like buttons, how can you set up one opt out button for Facebook, Google+ Analytics, affiliate links and your own cookies? They seem to be giving very vague advice whcih frankly is not good enough if you are threatening £500k fines. I look forward to seeing the various Gov sites flouting the rules!
    25/04/12 Meriel Lenfestey said:
    One of many examples of reasons why full compliance is not workable for most sites (or even appropriate for the way most sites use cookies). This is an area where I'd recommend making sure you have clear information available so that your users are aware cookies are used in this way - and linking to the 3rd party cookies policy from your cookies information. Don't try to do more than that for the time being - but be ready to take further steps if necessary. If this happens you will not be alone! The ICO are saying that enforcement isn't slapping £500k fines on providers, but rather a negotiation where they take into account your constraints and give you time to get closer to compliance.
    26/04/12 Wolf Software said:
    We have created a number of plugins and solutions in order to assist companies in gaining compliance. Demos and downloads: http://demos.dev.wolf-software.com
    Leave your comment:
     

Similar Articles
By author By topic
About the author
Meriel Lenfestey

Leaving the RCA with my head full of rich interaction design ideas, and arriving at Microsoft as a product designer, showed me a new way of working. Fuelling the fami...

Read profile

Meriel Lenfestey
Write to us
info@foolproof.co.uk
Call us on
+44 (0) 20 7539 3840
Follow
Follow via Facebook Follow via Twitter Follow via Linkedin Follow via RSS Feed

© 2013 Foolproof Sitemap | Accessibility statement | Careers | Cookies
By visiting our site you accept that we use cookies to deliver a smooth experience and help us see how our site is used.

FOOLPROOF, FLOW INTERACTIVE, ONLINE SHOPPING SURVEY and OSS are trademarks of Foolproof Ltd.