I like cookies

By Meriel Lenfestey

No not that sort... the sort that makes my experience of the internet personal and efficient.

The European law makers aren’t so keen, or to be more accurate, they want to websites to get “explicit consent” from their users before they place a cookie on their computer or other device.  (See the story on the BBC website).

What is a cookie?

Very simply, a cookie is a text file which your browser can store to your computer when instructed by a website. It stores information about you, or what you are doing, which the website can access in the future.

Used properly, cookies can greatly enrich a user’s experience of a website.

  • Recognition: Cookies provide a great middle ground between anonymous and authenticated. They enable a site to say “Hi Meriel, here’s your stuff” without forcing an annoying login for a task which simply doesn’t require a full identify check.
  • Preferences: Cookies can be used to store user preferences, such as accessibility settings, or preferred formatting.
  • Processes: Although shopping baskets are going to be excluded from the legislation, there are many other types of process such as form filling. Cookies enable users to return to a process part way through, thereby providing convenience and removing a lot of frustration.

Most web browsers receive cookies by default, but have options to let people choose individually or refuse all.

What problem are they trying to solve?

This legislation seems be a rather blunt instrument. It is intended to stop websites collecting user data, and using it for behavioural advertising.

  • Is behavioural advertising so bad? If you reframe it as personal recommendations then it’s a feature many value. We must remember that all advertising is carefully placed to get maximum exposure to the right market.
  • If they are trying to let consumers control whether they receive behavioural advertising then focus on that – don’t put in place blanket legislation which will cause far more damage to online experiences. They should be legislating to control the use of the data rather than the mechanism for collecting it.

What’s the problem with asking for permission?

In normal life, I don’t expect people I meet to get my consent before remembering details about me. On the contrary, I am flattered when I discover that they have remembered me and are willing to tailor future conversations. I would, however, be upset if they had slipped something into my bag without my knowledge. Asking for permission for cookies is effectively likening cookie placement to putting something in my bag rather than remembering something. Physically, that may be more accurate, but the metaphor causes problems because we’re dealing with technology, not people. Technology can only ‘remember’ by storing data – and it needs to store it where it can get to it.

The legislation requires explicit consent before a cookie is placed. With a willing user in the right context, this can be as simple as ticking a checkbox during registration, like the “remember me” ones on many sites. Things are not always so simple.

  • Interruption: In a lot of situations, users are in a state of concentration (or flow) and will be interrupted by the request for consent. This damages the experience and therefore the brand.
  • Comprehension of benefit vs. risk: Cookies are simple text files which can do no harm to your computer and they are usually used to great benefit, much of which will not be visible (nor should be) to most users. The less technical are likely to get upset about a file being placed on their computer and will say “no” without realising the impact on their experience.

What can website owners do?

The details of the legislation are not yet available even though the restrictions are officially coming into effect in May 2011. Here are a few initial thoughts:

  • Placement of consent: It is important to identify the susceptible moments when consent can be easily framed in terms of benefit and with least impact to user flow.
  • Consent wording: The wording on the permission is critical. It may be that the “explicit consent” will need to be specific words. I hope that these are focused on the benefits to the user rather than the technology or ‘dangers’.
  • Authentication: Consider piggy backing off a single sign-on service. A client of ours has been implementing Facebook registration. This works well because users are often already signed in to Facebook, meaning that our client can identify them and provide a personal experience without requiring their own cookie.
  • Page design: You will need to design for the no-sayers as well as those who accept cookies. This will mean really understanding all the different scenarios of use for each page and providing relevant opportunities for login.
  • Consider other channels: If it becomes harder to tailor your site to an arriving user, then you might consider using other channels to personalise their experience, e.g. email.

Although the legislation is concerned with a technological restriction, the knock-on effects are all about experience. It shifts the goalposts a little for the design of websites. We’ll be watching this space closely and we’re happy to share our thoughts with you.

What do you think?