The new regulations on how cookies are allowed to be used have arrived amidst a blizzard of criticism from the people who have to implement the changes. What are they? Simple, instead of applying a cookie directly to a ‘customer’ they now have to opt-in to allow the cookie to be applied.
This came about due to the Article 29 Working Party (A29WP) having a deeper look into the murk that is consent and deciding that consent need to be more informed as the current methods are not transparent enough. Yes, we all know the T&Cs about the application of cookies is buried somewhere towards the end of a website’s ‘compulsory read’ but how many people actually read them? Probably about 1% of all users, if it is any more then I would be very surprised as it could take you all day to read just a few (Apple’s runs to 30 pages when printed!!) so virtually everyone just ticks the box and moves on. So is this consent fair in the meaning of the Directive and the Act? Basically the answer is no, there is no meeting of the 1st Principle as the information has not been collected fairly as the customer does not know what you are doing with their data….
So, when the A29WP looked into this, they discovered that virtually all cookies are not meeting the requirements of fair processing and decided to do something about it. I must admit that the idea they came up with is rather radical and very work intensive for the website builders but is that a consideration? Should we be more focussed on what the customer wants and understands or should we be harvesting information willy-nilly? The A29WP also pointed out that unambiguous consent would need to be clarified and blanket consent will not be allowed.
From the other side of the fence it is an extreme irritation and cost to have to set this up as it means I am not going to get anywhere near enough information about my customers nor am I going to be able to track what they do. This means my customer base is going to recede and I will have to spend more time and expense building it up, I may even have to change the way I offer things but that is all part and parcel of this new Directive from the A29WP.
This all came in on May 26th this year but the Information Commissioner has said he does not expect every company to be fully compliant straight away but to develop their systems as quickly as possible. He has prodiced a guidance note on this ICO Cookie Guidance which takes you through the requirements and offers some advice on how to implement the new regulations. The only problem is nobody has given any real thought to how it can be done without damaging the user experience or the website reporting.
Now forgive me for feeling slightly cynical here but isn’t this what we should have been doing all along? Yes!! Until now we have all been using cookies as surreptitious undercover agents and now we have all been caught out we have to put out hands up and start doing it properly. So come on everyone, the only reason this new directive is not liked is due to the fact we have been rumbled and now have to do things properly, oh well, maybe big brother is watching us watching them.
Oh, and please note, I have no cookies set that will track who you are reading this blog