SlideShare uma empresa Scribd logo

Cookie Law - implications of the EU privacy directive

Content Formula
Content Formula
TecnologiaNotícias e política
1 de 20
Compliance implications of the EU e-privacy directive Just when we were celebrating getting rid of IE6…
Overview  The Revised E-Privacy Directive aka the “Cookie Law” is due to be enforced from the 26th May 2012.  The synopsis is that if you are tracking users and capturing data on them, you MUST ask them for consent or you cannot track them. Most tracking is achieved via browser “cookies” (simple text files containing data).  The only exceptions are for cookies which are “strictly necessary” and without which websites won’t work properly:  Framework session cookies (EG a PHP session cookie)  Shopping cart cookies (can’t have the cart forgetting what you tried to buy)  Analytics cookies are not included in the “strictly necessary” definition.
The upshot 1. Companies are going to have to conduct a cookie audit to identify what their website is actually doing and then implement a solution to ask users for permission to any cookies that the company deems necessary. 2. Companies that choose to be fully compliant are going to lose a massive percentage of their analytics data as a large percentage of users will not consent to tracking. The Information Commissioners Office (UK regulatory body) revealed a 90% drop in analytics stats when they implemented a consent solution.
Reading between the lines The ICO has said that it's looking for “positive steps” when it comes to any enforcement policy and we should expect them to be helpful rather than adversarial in the first few months of enforcement. With this in mind, some companies are choosing to meet a minimum level of compliance now, with a view to re-assessing the lay of the land later on once a consensus on best practice has been reached by the early adopters. There are also grumblings that although the ICO are laying down the law the government hasn’t yet really had its say, instead commented on the need for browser vendors to provide a solution. http://bit.ly/H9ZjxL Basically, the implementation of the law is a mess and should we sit tight and see what happens?
Reading between the lines With this in mind and the fact that enforcement is pretty unlikely to happen immediately, the following approaches have all been mooted as perfectly valid, depending on the companies sensitivity to adverse PR if any sort of story were to arise.  Baby steps: Do a cookie audit and update the privacy policy with friendly information about the cookies being used. (Not compliant, but a “positive step”)  The fifty per cent: Remove all cookies except for analytics, adopt clear iconography advising which remaining cookies are used and link to an updated privacy policy. (Not compliant, but arguable – and many companies will be arguing!)  Full compliance: Cookie audit, updated iconography / privacy policy and a solution that tests for user consent for cookies that are not strictly necessary The end decision is definitely a “personal” one, based on the ethos of the company involved and their attitude to risk. (And their users)
Reading between the lines On top of all this, and rather intriguingly, the ICO has left a small door open on analytics cookies (through which everyone is stampeding). “Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.” IE – “They are still illegal, but we’re unlikely to come down on you for them” http://bit.ly/HAhBIq
The detail..
“Strictly Necessary” The directive contains 2 concepts:  Strictly necessary Cookies without which websites cannot operate. EG shopping carts can reasonably be expected by the user to remember previous items the user has selected to purchase. Without remembering this, the cart is useless and the user journey fails.  Informed consent For all other purposes – you have to ask the user whether they are OK with you tracking them for this purpose. Strictly Necessary Informed Consent Load balancing Analytics PHP Session Advertising networks Shopping basket User preferences EG “Welcome back John”
1st party vs 3rd party The type of cookie being set also impacts on this, especially those cookies placed by sites other than the one the users is browsing.  1st party cookies are cookies set by YOUR website  3rd party cookies are set by other sites (EG Google Adwords) to track users as they browse from site to site. These are typically advertising cookies. 1st Party 3rd Party Strictly Necessary No consent required n/a Consent required Consent granted once, can Have to ask for consent keep the setting stored each time a user visits the indefinitely site
Compliance step 1 Audit the cookies the site is currently setting and establish which are 1st and 3rd party along with what fits the description of strictly necessary.
Compliance step 2 Update your privacy policy to contain clear information on what cookies you would like to set, what they do and where the information goes. • Some sites have created whole “cookie” related sections, rather than putting everything into the existing privacy policy. • The ICO are keen that the wording is in plain English, as the whole idea of the law is help users make an informed choice about their privacy.
Compliance step 3 Implement a system to get consent from the users:  It should link to the information on your site about cookies and explanations of what you do with the data  It should have a method of asking users for their consent for you to track them. Importantly it also needs to be:  Obvious and friendly enough to encourage as good a click rate as possible  Intelligent with regard to 1st and 3rd party cookies
Compliance workflow User Arrives Repeat visitor Strictly New user or with consent Necessary no consent cookie present cookies set 3rd party cookies need setting Consent solution presented on page load At this point it’s not clear whether the best solution is to “nag” the user on every 1st and 3rd party page. The problem is User cookies set as User declines or that to avoid doing appropriate along with accepts so… you need to set a ignores “consent” cookie cookie!
Solutions: Status Bar - Top Status Bar - Bottom Pros – Imposing and in the eyeline but not Pros – Not obstructive, the user can obstructive, the user can continue to continue to browse, still very obvious browse. Cons: - Can be ignored, not in the eyeline Cons: - Can be ignored on taller pages unless it floats over content.
Solutions: Modal Overlay Gutter Widget Pros – Very imposing, user cannot pass Pros – Can be nicely designed, floats to without making a choice remain in users eyeline, 3rd party script already exists Cons: - Very obstructive, might lead to higher bounce rate from the site Cons: - Too easy to ignore, overlays content on smaller screens, not much use for mobile.
Server-side analytics Rather than relying on cookies and javascript, you let the webserver itself gather data on the user from the PHP process or server logs. This could also be against the law although there appears to be some confusion on this matter still. Pros  Some form of analytics can be kept live to inform business decisions Cons  The available solutions are not as advanced, they don’t track nearly so much data or enable you to have advanced functions such as funnels or goals and you can’t track repeat users.  Has a cost implication for implementation, even if the solution itself is open-source.  Adds extra load to the webserver  Cannot be installed on some hosting environments
Sampling via Google Analytics  Even if there is a 90% drop, the remaining 10% is still a representative sample of your user base.  Statistics for the whole can be inferred from this sample.  It is not clear though whether this 10% would be “engaged” with your company already – IE whether the sample is skewed.
A/B Testing There is currently very little / no public data on the effects of the various types of solution on user interactions with websites. There is certainly no best practice as yet and there are various organisations competing to try and come up with a standard. Eventually a standard will emerge, or the issue will be solved by the browser vendors (Which is the argument for the “reading between the lines” approach to compliance in slide 4). In the meantime the very best approach would be to test the implementations against each other and gather hard data on which works best for the users of YOUR site. A/B testing is cheap to conduct, but the cost will include having to develop at least 2 compliance solutions initially.
Final Consideration Whatever your company decides to do, comms teams should be aware of the company policy, especially if non-compliance is followed, as there could be incoming traffic on this subject.
Further reading Latest state of play:  http://econsultancy.com/uk/blog/9453-econsultancy-s-solution-to-eu-e- privacy-directive-compliance  http://www.cookielaw.org/blog.aspx  http://blog.silktide.com/ Implementation examples  http://db.tt/yYc182rv (PowerPoint Deck)  http://bt.com (Go to bottom right corner and click on “Cookies”)

Recomendados

Принятие решений онлайн
Принятие решений онлайнПринятие решений онлайн
Принятие решений онлайн
Mikhail Doroshevich
 
Eposter_Presentation_Paris_2016
Eposter_Presentation_Paris_2016Eposter_Presentation_Paris_2016
Eposter_Presentation_Paris_2016
Martin Nwodo
 
Faceta d
Faceta dFaceta d
Faceta d
Mery Luz Rivera Aravena
 
Homestay Annur Gerik
Homestay Annur Gerik Homestay Annur Gerik
Homestay Annur Gerik
Annur Syuhadah
 
A guerra do vietnã cursinho
A guerra do vietnã cursinhoA guerra do vietnã cursinho
A guerra do vietnã cursinho
Ócio do Ofício
 
Չարլի Չապլին
Չարլի Չապլին Չարլի Չապլին
Չարլի Չապլին
AnTadevosyan
 
PET Technologies cambia su imagen corporativa
PET Technologies cambia su imagen corporativaPET Technologies cambia su imagen corporativa
PET Technologies cambia su imagen corporativa
PET Technologies
 
Social Media Report 2015 (Republica Moldova)
Social Media Report 2015 (Republica Moldova)Social Media Report 2015 (Republica Moldova)
Social Media Report 2015 (Republica Moldova)
Constantin Cocioaba
 

Recomendados

Принятие решений онлайн
Принятие решений онлайнПринятие решений онлайн
Принятие решений онлайн
Mikhail Doroshevich
 
Eposter_Presentation_Paris_2016
Eposter_Presentation_Paris_2016Eposter_Presentation_Paris_2016
Eposter_Presentation_Paris_2016
Martin Nwodo
 
Faceta d
Faceta dFaceta d
Faceta d
Mery Luz Rivera Aravena
 
Homestay Annur Gerik
Homestay Annur Gerik Homestay Annur Gerik
Homestay Annur Gerik
Annur Syuhadah
 
A guerra do vietnã cursinho
A guerra do vietnã cursinhoA guerra do vietnã cursinho
A guerra do vietnã cursinho
Ócio do Ofício
 
Չարլի Չապլին
Չարլի Չապլին Չարլի Չապլին
Չարլի Չապլին
AnTadevosyan
 
PET Technologies cambia su imagen corporativa
PET Technologies cambia su imagen corporativaPET Technologies cambia su imagen corporativa
PET Technologies cambia su imagen corporativa
PET Technologies
 
Social Media Report 2015 (Republica Moldova)
Social Media Report 2015 (Republica Moldova)Social Media Report 2015 (Republica Moldova)
Social Media Report 2015 (Republica Moldova)
Constantin Cocioaba
 
Big Data and Sustainable Competitive Advantage
Big Data and Sustainable Competitive AdvantageBig Data and Sustainable Competitive Advantage
Big Data and Sustainable Competitive Advantage
Andrei Grigoriev
 
Belarusian Internet Audience in July'2014 / gemiusAudience
Belarusian Internet Audience in July'2014 / gemiusAudience Belarusian Internet Audience in July'2014 / gemiusAudience
Belarusian Internet Audience in July'2014 / gemiusAudience
Mikhail Doroshevich
 
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
CoMagic
 
Globalização e neoliberalismo
Globalização e neoliberalismoGlobalização e neoliberalismo
Globalização e neoliberalismo
Ócio do Ofício
 
Twilio Contact Center Overview
Twilio Contact Center OverviewTwilio Contact Center Overview
Twilio Contact Center Overview
Twilio Inc
 
Nazismo e racismo
Nazismo e racismoNazismo e racismo
Nazismo e racismo
Luiz Antonio Souza
 
Introduzione a JavaScript e jQuery (1/2)
Introduzione a JavaScript e jQuery (1/2)Introduzione a JavaScript e jQuery (1/2)
Introduzione a JavaScript e jQuery (1/2)
Giuseppe Vizzari
 
Twilio Product Overview
Twilio Product OverviewTwilio Product Overview
Twilio Product Overview
Twilio Inc
 
As bombas inteligentes
As bombas inteligentesAs bombas inteligentes
As bombas inteligentes
Luiz Antonio Souza
 
SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...
SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...
SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...
SMART Infrastructure Facility
 
SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...
SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...
SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...
SMART Infrastructure Facility
 
ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"
ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"
ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"
SMART Infrastructure Facility
 
Seven objectives for your modern intranet in 2024
Seven objectives for your modern intranet in 2024Seven objectives for your modern intranet in 2024
Seven objectives for your modern intranet in 2024
Content Formula
 
Top 10 sharepoint intranet examples for 2024
Top 10 sharepoint intranet examples for 2024Top 10 sharepoint intranet examples for 2024
Top 10 sharepoint intranet examples for 2024
Content Formula
 
Xoralia Policy Management for SharePoint, Microsoft 365 and MS Teams
Xoralia Policy Management for SharePoint, Microsoft 365 and MS TeamsXoralia Policy Management for SharePoint, Microsoft 365 and MS Teams
Xoralia Policy Management for SharePoint, Microsoft 365 and MS Teams
Content Formula
 
Top 10 intranet ideas to make your intranet more engaging
Top 10 intranet ideas to make your intranet more engagingTop 10 intranet ideas to make your intranet more engaging
Top 10 intranet ideas to make your intranet more engaging
Content Formula
 
Power Automate vs Nintext Workflow infographic
Power Automate vs Nintext Workflow infographicPower Automate vs Nintext Workflow infographic
Power Automate vs Nintext Workflow infographic
Content Formula
 
Sharepoint Modern vs Classic inforgraphic
Sharepoint Modern vs Classic inforgraphicSharepoint Modern vs Classic inforgraphic
Sharepoint Modern vs Classic inforgraphic
Content Formula
 
15 Intranet design examples
15 Intranet design examples15 Intranet design examples
15 Intranet design examples
Content Formula
 
Intranet and Office 365 governance at a large company - case study
Intranet and Office 365 governance at a large company - case studyIntranet and Office 365 governance at a large company - case study
Intranet and Office 365 governance at a large company - case study
Content Formula
 
Making Smiles - a social intranet to engage employees around CSR
Making Smiles - a social intranet to engage employees around CSRMaking Smiles - a social intranet to engage employees around CSR
Making Smiles - a social intranet to engage employees around CSR
Content Formula
 
Intranet Design: A user-centred approach
Intranet Design: A user-centred approachIntranet Design: A user-centred approach
Intranet Design: A user-centred approach
Content Formula
 

Mais conteúdo relacionado

Destaque

Belarusian Internet Audience in July'2014 / gemiusAudience
Belarusian Internet Audience in July'2014 / gemiusAudience Belarusian Internet Audience in July'2014 / gemiusAudience
Belarusian Internet Audience in July'2014 / gemiusAudience
Mikhail Doroshevich
 
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
CoMagic
 

Destaque (12)

Big Data and Sustainable Competitive Advantage
Big Data and Sustainable Competitive AdvantageBig Data and Sustainable Competitive Advantage
Big Data and Sustainable Competitive Advantage
 
Belarusian Internet Audience in July'2014 / gemiusAudience
Belarusian Internet Audience in July'2014 / gemiusAudience Belarusian Internet Audience in July'2014 / gemiusAudience
Belarusian Internet Audience in July'2014 / gemiusAudience
 
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
Интернет-маркетинг и веб-аналитика у автодилеров по системе ИБД (имитация бур...
 
Globalização e neoliberalismo
Globalização e neoliberalismoGlobalização e neoliberalismo
Globalização e neoliberalismo
 
Twilio Contact Center Overview
Twilio Contact Center OverviewTwilio Contact Center Overview
Twilio Contact Center Overview
 
Nazismo e racismo
Nazismo e racismoNazismo e racismo
Nazismo e racismo
 
Introduzione a JavaScript e jQuery (1/2)
Introduzione a JavaScript e jQuery (1/2)Introduzione a JavaScript e jQuery (1/2)
Introduzione a JavaScript e jQuery (1/2)
 
Twilio Product Overview
Twilio Product OverviewTwilio Product Overview
Twilio Product Overview
 
As bombas inteligentes
As bombas inteligentesAs bombas inteligentes
As bombas inteligentes
 
SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...
SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...
SMART Seminar Series: "Spatial simulation of complex adaptive systems: why “a...
 
SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...
SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...
SMART Seminar Series: "UrbanGrowth NSW Collaborative Learning – Working with ...
 
ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"
ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"
ISNGI 2016 - Keynote Speaker: Mr Wienke Giezeman - "The Things Network"
 

Mais de Content Formula

Mais de Content Formula (13)

Seven objectives for your modern intranet in 2024
Seven objectives for your modern intranet in 2024Seven objectives for your modern intranet in 2024
Seven objectives for your modern intranet in 2024
 
Top 10 sharepoint intranet examples for 2024
Top 10 sharepoint intranet examples for 2024Top 10 sharepoint intranet examples for 2024
Top 10 sharepoint intranet examples for 2024
 
Xoralia Policy Management for SharePoint, Microsoft 365 and MS Teams
Xoralia Policy Management for SharePoint, Microsoft 365 and MS TeamsXoralia Policy Management for SharePoint, Microsoft 365 and MS Teams
Xoralia Policy Management for SharePoint, Microsoft 365 and MS Teams
 
Top 10 intranet ideas to make your intranet more engaging
Top 10 intranet ideas to make your intranet more engagingTop 10 intranet ideas to make your intranet more engaging
Top 10 intranet ideas to make your intranet more engaging
 
Power Automate vs Nintext Workflow infographic
Power Automate vs Nintext Workflow infographicPower Automate vs Nintext Workflow infographic
Power Automate vs Nintext Workflow infographic
 
Sharepoint Modern vs Classic inforgraphic
Sharepoint Modern vs Classic inforgraphicSharepoint Modern vs Classic inforgraphic
Sharepoint Modern vs Classic inforgraphic
 
15 Intranet design examples
15 Intranet design examples15 Intranet design examples
15 Intranet design examples
 
Intranet and Office 365 governance at a large company - case study
Intranet and Office 365 governance at a large company - case studyIntranet and Office 365 governance at a large company - case study
Intranet and Office 365 governance at a large company - case study
 
Making Smiles - a social intranet to engage employees around CSR
Making Smiles - a social intranet to engage employees around CSRMaking Smiles - a social intranet to engage employees around CSR
Making Smiles - a social intranet to engage employees around CSR
 
Intranet Design: A user-centred approach
Intranet Design: A user-centred approachIntranet Design: A user-centred approach
Intranet Design: A user-centred approach
 
Information architecture for websites and intranets
Information architecture for websites and intranetsInformation architecture for websites and intranets
Information architecture for websites and intranets
 
Clairol Nice & Easy WOM campaign
Clairol Nice & Easy WOM campaignClairol Nice & Easy WOM campaign
Clairol Nice & Easy WOM campaign
 
Impulse app on Facebook
Impulse app on FacebookImpulse app on Facebook
Impulse app on Facebook
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Cookie Law - implications of the EU privacy directive

  • 1. Compliance implications of the EU e-privacy directive Just when we were celebrating getting rid of IE6…
  • 2. Overview  The Revised E-Privacy Directive aka the “Cookie Law” is due to be enforced from the 26th May 2012.  The synopsis is that if you are tracking users and capturing data on them, you MUST ask them for consent or you cannot track them. Most tracking is achieved via browser “cookies” (simple text files containing data).  The only exceptions are for cookies which are “strictly necessary” and without which websites won’t work properly:  Framework session cookies (EG a PHP session cookie)  Shopping cart cookies (can’t have the cart forgetting what you tried to buy)  Analytics cookies are not included in the “strictly necessary” definition.
  • 3. The upshot 1. Companies are going to have to conduct a cookie audit to identify what their website is actually doing and then implement a solution to ask users for permission to any cookies that the company deems necessary. 2. Companies that choose to be fully compliant are going to lose a massive percentage of their analytics data as a large percentage of users will not consent to tracking. The Information Commissioners Office (UK regulatory body) revealed a 90% drop in analytics stats when they implemented a consent solution.
  • 4. Reading between the lines The ICO has said that it's looking for “positive steps” when it comes to any enforcement policy and we should expect them to be helpful rather than adversarial in the first few months of enforcement. With this in mind, some companies are choosing to meet a minimum level of compliance now, with a view to re-assessing the lay of the land later on once a consensus on best practice has been reached by the early adopters. There are also grumblings that although the ICO are laying down the law the government hasn’t yet really had its say, instead commented on the need for browser vendors to provide a solution. http://bit.ly/H9ZjxL Basically, the implementation of the law is a mess and should we sit tight and see what happens?
  • 5. Reading between the lines With this in mind and the fact that enforcement is pretty unlikely to happen immediately, the following approaches have all been mooted as perfectly valid, depending on the companies sensitivity to adverse PR if any sort of story were to arise.  Baby steps: Do a cookie audit and update the privacy policy with friendly information about the cookies being used. (Not compliant, but a “positive step”)  The fifty per cent: Remove all cookies except for analytics, adopt clear iconography advising which remaining cookies are used and link to an updated privacy policy. (Not compliant, but arguable – and many companies will be arguing!)  Full compliance: Cookie audit, updated iconography / privacy policy and a solution that tests for user consent for cookies that are not strictly necessary The end decision is definitely a “personal” one, based on the ethos of the company involved and their attitude to risk. (And their users)
  • 6. Reading between the lines On top of all this, and rather intriguingly, the ICO has left a small door open on analytics cookies (through which everyone is stampeding). “Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.” IE – “They are still illegal, but we’re unlikely to come down on you for them” http://bit.ly/HAhBIq
  • 8. “Strictly Necessary” The directive contains 2 concepts:  Strictly necessary Cookies without which websites cannot operate. EG shopping carts can reasonably be expected by the user to remember previous items the user has selected to purchase. Without remembering this, the cart is useless and the user journey fails.  Informed consent For all other purposes – you have to ask the user whether they are OK with you tracking them for this purpose. Strictly Necessary Informed Consent Load balancing Analytics PHP Session Advertising networks Shopping basket User preferences EG “Welcome back John”
  • 9. 1st party vs 3rd party The type of cookie being set also impacts on this, especially those cookies placed by sites other than the one the users is browsing.  1st party cookies are cookies set by YOUR website  3rd party cookies are set by other sites (EG Google Adwords) to track users as they browse from site to site. These are typically advertising cookies. 1st Party 3rd Party Strictly Necessary No consent required n/a Consent required Consent granted once, can Have to ask for consent keep the setting stored each time a user visits the indefinitely site
  • 10. Compliance step 1 Audit the cookies the site is currently setting and establish which are 1st and 3rd party along with what fits the description of strictly necessary.
  • 11. Compliance step 2 Update your privacy policy to contain clear information on what cookies you would like to set, what they do and where the information goes. • Some sites have created whole “cookie” related sections, rather than putting everything into the existing privacy policy. • The ICO are keen that the wording is in plain English, as the whole idea of the law is help users make an informed choice about their privacy.
  • 12. Compliance step 3 Implement a system to get consent from the users:  It should link to the information on your site about cookies and explanations of what you do with the data  It should have a method of asking users for their consent for you to track them. Importantly it also needs to be:  Obvious and friendly enough to encourage as good a click rate as possible  Intelligent with regard to 1st and 3rd party cookies
  • 13. Compliance workflow User Arrives Repeat visitor Strictly New user or with consent Necessary no consent cookie present cookies set 3rd party cookies need setting Consent solution presented on page load At this point it’s not clear whether the best solution is to “nag” the user on every 1st and 3rd party page. The problem is User cookies set as User declines or that to avoid doing appropriate along with accepts so… you need to set a ignores “consent” cookie cookie!
  • 14. Solutions: Status Bar - Top Status Bar - Bottom Pros – Imposing and in the eyeline but not Pros – Not obstructive, the user can obstructive, the user can continue to continue to browse, still very obvious browse. Cons: - Can be ignored, not in the eyeline Cons: - Can be ignored on taller pages unless it floats over content.
  • 15. Solutions: Modal Overlay Gutter Widget Pros – Very imposing, user cannot pass Pros – Can be nicely designed, floats to without making a choice remain in users eyeline, 3rd party script already exists Cons: - Very obstructive, might lead to higher bounce rate from the site Cons: - Too easy to ignore, overlays content on smaller screens, not much use for mobile.
  • 16. Server-side analytics Rather than relying on cookies and javascript, you let the webserver itself gather data on the user from the PHP process or server logs. This could also be against the law although there appears to be some confusion on this matter still. Pros  Some form of analytics can be kept live to inform business decisions Cons  The available solutions are not as advanced, they don’t track nearly so much data or enable you to have advanced functions such as funnels or goals and you can’t track repeat users.  Has a cost implication for implementation, even if the solution itself is open-source.  Adds extra load to the webserver  Cannot be installed on some hosting environments
  • 17. Sampling via Google Analytics  Even if there is a 90% drop, the remaining 10% is still a representative sample of your user base.  Statistics for the whole can be inferred from this sample.  It is not clear though whether this 10% would be “engaged” with your company already – IE whether the sample is skewed.
  • 18. A/B Testing There is currently very little / no public data on the effects of the various types of solution on user interactions with websites. There is certainly no best practice as yet and there are various organisations competing to try and come up with a standard. Eventually a standard will emerge, or the issue will be solved by the browser vendors (Which is the argument for the “reading between the lines” approach to compliance in slide 4). In the meantime the very best approach would be to test the implementations against each other and gather hard data on which works best for the users of YOUR site. A/B testing is cheap to conduct, but the cost will include having to develop at least 2 compliance solutions initially.
  • 19. Final Consideration Whatever your company decides to do, comms teams should be aware of the company policy, especially if non-compliance is followed, as there could be incoming traffic on this subject.
  • 20. Further reading Latest state of play:  http://econsultancy.com/uk/blog/9453-econsultancy-s-solution-to-eu-e- privacy-directive-compliance  http://www.cookielaw.org/blog.aspx  http://blog.silktide.com/ Implementation examples  http://db.tt/yYc182rv (PowerPoint Deck)  http://bt.com (Go to bottom right corner and click on “Cookies”)