White Paper: EU Cookie Directive - A User-Driven Assessment of Online Compliance in the UK and Ireland




Abstract

This paper discusses research by Espion Group into the current state of EU Cookie Directive compliance among
prominent UK and Irish websites. The findings clearly indicate that there is still great variation in how the
directive is treated. While some sites have taken a proactive and responsive approach to the legislation, the majority
of those assessed have yet to comply in a clear and explicit manner. It is also clearly evident that UK-based websites
are currently achieving higher standards of compliance with this directive than corresponding Irish websites.




EU Cookie Directive - Background and Context

The 2003 Privacy and Electronic Communications (EC Directive) Regulations (2002/58/EC) cover the use of
cookies and similar technologies for storing and accessing electronic information on computers, mobile devices and
similar equipment. A follow-up 2009 Directive (2009/136/EC) amended this directive to require website owners to
obtain consent when storing cookies on a user’s or subscriber’s device.

Governments across Europe were originally given until 25th May 2011 to transpose these changes into their own
law. The Irish government introduced corresponding legislation alongside several other EU member states on 1st
July 2011 - this is reflected in Section 6 of the Data Protection Commissioner’s guidance note. The UK
government introduced similar amendments, but website owners were given an additional 12 month period to 25th
May 2012 to comply with guidelines issued by the UK Information Commissioner’s Office (ICO).




Legislation Overview

Key phrasing from both the transposing UK and Irish legislation includes:

“A person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user
unless the requirements of paragraph (2) are met.....

(2) The requirements are that the subscriber or user of that terminal equipment- (a) is provided with clear and
comprehensive information about the purposes of the storage of, or access to, that information; and... (b) has given
his or her consent”

The Irish Data Commissioner’s Guidance Notes add that this “clear and comprehensive” information should be
“prominently displayed”, “clearly accessible”, and “as user friendly as possible”. They also require that there is “clear
communication to the user as to what s/he was being asked to consent to and a means of giving or refusing
consent to any information being stored or retrieved”.

While most of the discussion has focussed on the standard website context, the legislation also extends to cover
“other situations where information is placed on, or retrieved from, terminal equipment” - mobile applications being
another example.



Stakeholder Reaction to Legislation

Reaction to the legislation among EU-based website owners and technology commentators has indicated much
uncertainty and confusion around handling it in practice. While the directive indicates desired objectives, many
feel that little clarity or guidance is offered on how to comply, particularly at a national level, and that there is
no clear set of standards and metrics to determine when a site is compliant.

There is also conflict around the perspective of website users - while privacy legislators are intent on increasing
user awareness around use and storage of cookie-related information, site owners claim to have experienced few
or no complaints or issues from patrons, and hence are questioning the necessity of such legislation.

There are also questions around jurisdiction - for example, do non-EU corporations need to comply for within-EU
site sub-domains? Or does consent have to be gained from site users based outside the EU? In particular, the
technical implications around what can be regarded as user consent to cookie use and storage are still a grey area.

For example, some argue that requiring upfront prior consent via pop-up dialogs would impact negatively on site
uptake and use, as well as being technically difficult due to the fact that some cookies (e.g. analytics cookies) have
already loaded prior to users accessing the home landing page and agreeing to, or rejecting, the consent message.

Despite these uncertainties among others, fines for non-compliance are severe - for example UK regulators can
enforce fines of up to GBP£500,000 for failing to comply.




Phased Enforcement and Implementation

While a stated legal yardstick exists, policy developers at EU and national levels have stressed that cookie-related
compliance is a moving process, and hence should also involve a continued, phased campaign of improvements in
cookie-related policy enforcement over time, driving corresponding refinements and improvements in websites and
applications by technology stakeholders.

As mentioned, an important overarching objective of the legislation is to increase consumer understanding about
cookies and online privacy in general. More specifically, this includes alerting users to cookie use, explaining to
them how they work, and ensuring that even the most non-technical users can access clear information on how
they are applied on an individual case basis for the websites and applications that they use. Issues around cookie
use (and similar technologies) are viewed by policy developers as a core element in allowing users to feel in control
and comfortable about their overall privacy online.

In response, website and application guardians will need to provide ever-increasing transparency over their data
collection and usage in relation to cookies and similar technology use going forward. While the present compliance
bar is levelled at providing consumer access to clear information, future pipelined legislation amendments could
attempt to address more challenging aspects of cookie compliance such as:

    • Greater emphasis around issues such as how individual cookie types will be audited.
    • Ensuring that cookies are used appropriately in applications in a way that is minimally invasive and
      respects user rights and online privacy.
    • Achieving more explicit and effective approaches to user consent.
    • Leveraging more enhanced support for cookie compliance at the browser-level. For example, despite
      industry resistance, Microsoft has shown increased desire to disable user tracking features, the recent
      Internet Explorer 10 launch being one example.



Assessing Existing Website Treatment of Cookie Compliance

Following the recent completion of the 12-month grace period for cookie compliance in the UK, Espion carried out a
high-level analysis of the current state of compliance among influential, high-traffic websites, both in the UK, and
also across a similar sample of key Irish-based websites for comparative purposes. In tandem with the core policy
thrust of increased consumer privacy awareness and understanding, this analysis focussed on assessing cookie-related
content and its availability to site patrons, both technical and non-technical users. Hence, while Espion has
carried out detailed cookie audits on a per-site basis for individual clients, such analysis represents other
advanced, “back-end” compliance considerations that were not the core focus for this analysis.

Key assessment goals included:

    • To understand the current overall status of cookie compliance among influential websites.
    • To assess the accessibility of cookie-related info, i.e. is it “readily available”, “prominently displayed”, and
      “easily accessible” in line with legislation wording.
    • To understand and rate the quality of the cookie-related information provided - i.e. is it “clear and
      comprehensive”, and “as user friendly as possible”. Also, understanding if it is clearly categorised for
      technical and non-technical user audiences.
    • To understand if and how websites are achieving user consent - either via prior (explicit) consent or implied
      consent methods.
    • To get an overall understanding of cookie types and categorisations being reported in cookie statements.

Other key study methodology details include:

    • 100 websites assessed as part of study

         o   50 of these were domestic UK-based sites, 50 were domestic Irish-based.
         o   By “domestic” this means that the study excluded UK or Irish domain subsidiaries of foreign sites (e.g.
             google.co.uk, or ebay.ie). Similarly, it excluded Irish subsidiaries of UK parents and vice versa (e.g.
             ulsterbank.ie whose parent is UK-based RBS).
         o   All the 100 sites were chosen on the basis of having to comply with the directive. While almost all
             prominent commercial sites use cookies to the extent that they would need to comply, a small number
             of exception sites claimed to not use cookies, or at least “strictly necessary” cookie types only, hence
             they were excluded.
         o   Websites were chosen using the UK and Irish “Top Sites” rankings provided by Alexa
             (www.alexa.com).
         o   Assessment was carried out on 28th/29th May 2012 using Google Chrome web browser (Version 19).

    • Cookie Information Quality Grading: To assess the quality of the cookie-related information provided, each
      website was given an arbitrary A, B or C-Grade rating based on inclusion of the following details in their
      cookie-related information:

         o   Explicit mention that the site uses cookies.
         o   Clear, non-technical explanation of what cookies are.
         o   Clear and categorised explanation of cookies types used on site, including:

                 ▪ High-level, non-technical categorisations such as those suggested in ICO guidance
                   documentation (e.g. “strictly necessary”, “functionality”, “performance”, “browser experience”-
                   related, “analytics”, “advertising/targeting”, “session vs. persistent” and so on).
                 ▪ Detailed categorisations focussing on individual cookie identifiers and related explanatory info.

         o   Clear instructions on how to opt-in or opt-out of cookie tracking


Findings

Overall, the results clearly indicate that prominent UK-based websites are achieving higher standards of
compliance to the Cookie Directive than corresponding Irish websites at present, with much diversity in
implementation of the directive.




Provision of Cookie information

As mentioned, all the chosen sites to be tested were required to comply with the directive. While all UK-based sites
tested provided at least some form of cookie information, there were four Irish sites that failed to provide any
cookie-related information at any level (Figure 1).

                                       Irish Sites   UK Sites   Ireland (%)   UK (%)   Overall (%)
 Required to comply?                            50         50          100%     100%          100%
 Cookie information provided?                   46         50           92%     100%           96%

 Figure 1 - Provision of Cookie Info (Irish and UK Sites), Summary




Cookie information “clearly accessible, prominently displayed”?

In line with key legislation wording and guidance, Figures 2 and 3 summarise the degree to which provided cookie
information was “clearly accessible” and “prominently displayed” throughout the sites tested. Figure 2 summarises
the site location of such information, with only one-third of websites providing an explicit Cookie Policy Statement.
Another 58% provided cookie information nested as part of the site’s Privacy Statement. A small minority (4%)
included cookie info as part of the Terms and Conditions section. However there was a significant difference on a
regional basis - only two of the Irish sites (4%) provided explicit cookie statements, compared to 31 of the UK sites
(62%).

                                       Irish Sites   UK Sites   Ireland (%)   UK (%)   Overall (%)
 Explicit Cookie Statement                       2         31            4%      62%           33%
 Nested in Privacy Policy                       40         18           80%      36%           58%
 Nested in Terms & Conditions                    3          1            6%       2%            4%
 None Provided/Not Applicable                    5          0           10%       0%            5%
 Totals                                         50         50          100%     100%          100%

 Figure 2 - Location of Cookie Info, Summary



The findings in Figure 3 involved examining the number of user actions necessary to find cookie information from
each site’s landing page (with necessary clicks or scrolling actions counting as individual user actions). Only a
quarter of sites overall provided access within one action (Figure 3), with the majority requiring either two or three
user actions. Most Irish sites (78%) provided access via privacy statements located at the bottom of landing pages,
requiring three separate scroll-click-scroll actions to locate cookie information. UK sites fared better, with 46% (23
sites tested) providing the most direct accessibility to the information.



                                       Irish Sites   UK Sites   Ireland (%)   UK (%)   Overall (%)
 Accessible within one user action               2         23            4%      46%           25%
 Accessible within two user actions              5         16           10%      32%           21%
 Accessible within three user actions           34          8           68%      16%           42%
 Four or more user actions                       4          3            8%       6%            7%
 Not Applicable                                  5          0           10%       0%            5%
 Totals                                         50         50          100%     100%          100%

 Figure 3 - Accessibility of Cookie Information from Landing Page, Summary




Quality of information provided - “user friendly, clear and comprehensive”?

This assessment involved grading the clarity and comprehensiveness of cookie-related information provided based
on the information categories mentioned earlier (Figure 4). Sites achieving a Grade A rating provided all of the
following information (based on subjective Espion criteria aligned to the legislation wording):

    • Explicit mention that site uses cookies.
    • A non-technical explanation of what they are.
    • Clear non-technical categorisations of cookie types used.
    • Detailed itemised technical explanation of individual cookie IDs provided.
    • Clear opt-in/out information provided.

                                       Irish Sites   UK Sites   Ireland (%)   UK (%)   Overall (%)
 Grade A                                         1         14            2%      28%           15%
 Grade B                                         6         28           12%      56%           34%
 Grade C                                        38          8           76%      16%           46%
 Not Applicable                                  5          0           10%       0%            5%
 Totals                                         50         50          100%     100%

 Figure 4 - Cookie Information Quality Ratings, Summary

Most of the sites with Grade B ratings were rated lower on the basis of providing less clear categorisations - either
providing high-level categories without detailed information of individual IDs, or vice versa where detailed ID-level
technical information was provided without more intuitive, non-technical, categorisations. Most Grade C sites failed
to provide any attempt at comprehensively detailing the cookies used and providing any form of clear
categorisation.

Overall, 25% of the sample provided at least some information of individual cookie IDs (Figure 5). 15% achieved
Grade A ratings (Figure 4) – this included 14 UK sites and just one Irish site from the sample. A further one-third of
the sample were Grade B, with over half achieving Grade C or lower.




                                       Irish Sites   UK Sites   Ireland (%)   UK (%)   Overall (%)
 Yes                                             4         21            8%      42%           25%
 No                                             46         29           92%      58%           75%
 Totals                                         50         50          100%     100%          100%

 Figure 5 - Provision of Info at Cookie ID Level, Summary




Approaches to Acquiring Consent

The majority of sites assessed resorted to achieving implied consent via URL links (with the word “consent” used
liberally in such cases) (Figure 6). 12 UK-based sites were more explicit, providing clearly visible banner or pop-up
notifications of cookie usage to users - typically on the first site visit and removing the notification on later visits.
None of the assessed sites adopted a prior consent notification.

                                       Irish Sites   UK Sites   Ireland (%)   UK (%)   Overall (%)
 Implied consent via banner or pop-up            0         12            0%      24%           12%
 Implied consent via URL link                   42         38           84%      76%           80%
 Prior consent (pop-up)                          0          0            0%       0%            0%
 None/Not Applicable                             8          0           16%       0%            8%
 Totals                                         50         50          100%     100%          100%

 Figure 6 - Approaches to Achieving Consent, Summary


Compliant or Not?

While definitively determining some aspects of compliance to the directive is still a grey area to an extent, Espion
combined some of the discussed metrics to define a simple arbitrary metric to determine levels of compliance
among the sample, at least from the user perspective. In order to be rated as compliant, sites had to meet both of
the criteria below:

    • Provided cookie information (either via Privacy Policy or explicit Cookie Policy statement) is accessible
      within two user actions or better from site landing page
    • Quality and comprehensiveness of cookie-related information is rated to be of Grade A or Grade B
      standard

                                       Irish Sites   UK Sites   Ireland (%)   UK (%)   Overall (%)
 Compliant*                                      1         33            2%      66%           34%
 Not Compliant                                  49         17           98%      34%           66%

 Figure 7 - Rate of Compliance to Directive*

* Based on subjective Espion metric calculation. Also assumes that Cookie statement information provided on each site has been audited and
corresponds accurately with underlying web application

It is clearly evident that compliance rates among UK sites are much higher based on this calculation (Figure 7):
two-thirds of this set achieve compliance based on these criteria, whereas only a single Irish site (2% of sample) is
compliant - equating to 34% compliance across the entire sample.

Conclusion

Clear distinctions exist at present between prominent UK and Irish websites in relation to compliance to the Cookie
Directive. Despite Irish legislation wording, and its intent that it is not sufficient to solely provide the required
information in a statement of terms and conditions or a privacy policy, the overwhelming majority of Irish-based
sites assessed have yet to go beyond this. On the other hand, corresponding UK-based sites have paid greater
attention to legislation wording and requirements and many have reflected these more clearly in their
implementation of the directive. Greater attention to the directive across UK media sources, the allowance of a
more explicit grace period, and the availability of assistive compliance guidelines appear to have contributed to
compliance efforts there.




More Info

For more information on this research, contact Seamus Galvin, Espion Research at +353 (1) 210 1711, or
seamus.galvin@espiongroup.com



For more information on Espion’s cookie compliance and Information Security services, contact us at +353 (1) 210
1711, or info@espiongroup.com




About Espion

Espion are Corporate Information specialists. We work with organisations across all industries and business
functions to provide advice and assistance relating to the holistic compliance, protection and management
requirements of their most valuable asset – information. This allows our clients to focus on their core business
and ultimately achieve greater success.

Espion Headquarters
The Penthouse, Block 2
Deansgrange Business Park
Deansgrange, Co. Dublin
Ireland

+353 (01) 2101711

www.espiongroup.com

 
Technology Trends 2017
Technology Trends 2017Technology Trends 2017
Technology Trends 2017
 
Deloitte mobile consumer report UK 2016
Deloitte mobile consumer report UK 2016Deloitte mobile consumer report UK 2016
Deloitte mobile consumer report UK 2016
 
Ireland mobile consumer survey by Deloitte 2016
Ireland mobile consumer survey by Deloitte 2016Ireland mobile consumer survey by Deloitte 2016
Ireland mobile consumer survey by Deloitte 2016
 
Ericsson mobility report November 2016 Internet of Things
Ericsson mobility report November 2016 Internet of ThingsEricsson mobility report November 2016 Internet of Things
Ericsson mobility report November 2016 Internet of Things
 
Ericsson mobility report November 2016 on live streaming trends
Ericsson mobility report November 2016 on live streaming trendsEricsson mobility report November 2016 on live streaming trends
Ericsson mobility report November 2016 on live streaming trends
 
UK Business Digital Index 2016
UK Business Digital Index 2016UK Business Digital Index 2016
UK Business Digital Index 2016
 
Draft report on Harmful Communications and Digital Safety in Ireland
Draft report on Harmful Communications and Digital Safety in IrelandDraft report on Harmful Communications and Digital Safety in Ireland
Draft report on Harmful Communications and Digital Safety in Ireland
 
Digital insights report 2016 Ireland by Virgin Media
Digital insights report 2016 Ireland by Virgin MediaDigital insights report 2016 Ireland by Virgin Media
Digital insights report 2016 Ireland by Virgin Media
 
UK digital marketing overview June 2016
UK digital marketing overview June 2016UK digital marketing overview June 2016
UK digital marketing overview June 2016
 
Facebook Branded Content Guidelines 2016
Facebook Branded Content Guidelines 2016Facebook Branded Content Guidelines 2016
Facebook Branded Content Guidelines 2016
 
CMA UK open letter to retailers about online reviews
CMA UK open letter to retailers about online reviewsCMA UK open letter to retailers about online reviews
CMA UK open letter to retailers about online reviews
 
EU Guidelines On The Right To Be Forgotten Implementation November 2014
EU Guidelines On The Right To Be Forgotten Implementation November 2014EU Guidelines On The Right To Be Forgotten Implementation November 2014
EU Guidelines On The Right To Be Forgotten Implementation November 2014
 
Into Focus - a benchmark guide to effective nonprofit video
Into Focus - a benchmark guide to effective nonprofit videoInto Focus - a benchmark guide to effective nonprofit video
Into Focus - a benchmark guide to effective nonprofit video
 
Net Children Go Mobile European Report February 2014
Net Children Go Mobile European Report February 2014Net Children Go Mobile European Report February 2014
Net Children Go Mobile European Report February 2014
 
Net Children Go Mobile Initial Findings From Ireland
Net Children Go Mobile Initial Findings From IrelandNet Children Go Mobile Initial Findings From Ireland
Net Children Go Mobile Initial Findings From Ireland
 
An exploration of e-safety messages to young people, parents and practitioner...
An exploration of e-safety messages to young people, parents and practitioner...An exploration of e-safety messages to young people, parents and practitioner...
An exploration of e-safety messages to young people, parents and practitioner...
 
Safer Internet Day 2014 LiveStream Schedule #SID2014
Safer Internet Day 2014 LiveStream Schedule #SID2014Safer Internet Day 2014 LiveStream Schedule #SID2014
Safer Internet Day 2014 LiveStream Schedule #SID2014
 

Último

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Último (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

EU Cookie Directive Report On Compliance In The UK And Ireland

White Paper: EU Cookie Directive - A User-Driven Assessment of Online Compliance in the UK and Ireland

Abstract

This paper discusses research by Espion Group into the current state of EU Cookie Directive compliance among prominent UK and Irish websites. The findings clearly indicate that there is still great variation in treatment of the directive. While some sites have taken a proactive and responsive approach to the legislation, a larger majority of those assessed have yet to comply in a clear and explicit manner. Also, it is clearly evident that UK-based websites are achieving higher standards of compliance to this directive than corresponding Irish websites at present.

EU Cookie Directive - Background and Context

The 2003 Privacy and Electronic Communications (EC Directive) Regulations (2002/58/EC) cover the use of cookies and similar technologies for storing and accessing electronic information on computers, mobile devices and similar equipment. A follow-up 2009 Directive (2009/136/EC) amended this directive to require website owners to obtain consent when storing cookies on a user’s or subscriber’s device.

Governments across Europe were originally given until 25th May 2011 to transpose these changes into their own law. The Irish government introduced corresponding legislation alongside several other EU member states on 1st July 2011 - this is reflected in Section 6 of the Data Protection Commissioner’s guidance note here. The UK government introduced similar amendments, but website owners were given an additional 12 month period to 25th May 2012 to comply to guidelines issued by the UK Information Commissioner’s Office (ICO).

Legislation Overview

Key phrasing from both the transposing UK and Irish legislation includes:

“A person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.....

(2) The requirements are that the subscriber or user of that terminal equipment-
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and...
(b) has given his or her consent”

The Irish Data Commissioner’s Guidance Notes adds that this “clear and comprehensive” information should be “prominently displayed”, “clearly accessible”, and “as user friendly as possible”. It also requires that there is “clear communication to the user as to what s/he was being asked to consent to and a means of giving or refusing consent to any information being stored or retrieved”.

While most of the discussion has focussed on the standard website context, the legislation also extends to cover “other situations where information is placed on, or retrieved from, terminal equipment” - mobile applications being another example.

Stakeholder Reaction to Legislation

Reaction to the legislation among EU-based website owners and technology commentators has indicated much uncertainty and confusion around handling it in practice. While the directive indicates desired objectives, it is felt among many that little clarity or guidance is offered with respect to how to comply, particularly at a national level - as well as having a clear set of standards and metrics to determine when a site is compliant.
There is also conflict around the perspective of website users - while privacy legislators are intent on increasing user awareness around use and storage of cookie-related information, site owners claim to have experienced little or no complaints or issues from patrons, and hence are questioning the necessity of such legislation. There are also questions around jurisdiction - for example, do non-EU corporations need to comply for within-EU site sub-domains? Or does consent have to be gained from site users based outside the EU?

In particular, the technical implications around what can be regarded as user consent to cookie use and storage are still a grey area. For example, some argue that requiring upfront prior consent via pop-up dialogs would impact negatively on site uptake and use, as well as being technically difficult due to the fact that some cookies (e.g. analytics cookies) have already loaded prior to users accessing the home landing page and agreeing to, or rejecting the consent message.

Despite these uncertainties among others, fines for non-compliance are severe - for example UK regulators can enforce fines of up to GBP£500,000 for failing to comply.

Phased Enforcement and Implementation

While a stated legal yardstick exists, policy developers at EU and national levels have stressed that cookie-related compliance is a moving process, and hence should also involve a continued, phased campaign of improvements in cookie-related policy enforcement over time, driving corresponding refinements and improvements in websites and applications by technology stakeholders.

As mentioned, an important overarching objective of the legislation is to increase consumer understanding about cookies and online privacy in general. More specifically, this includes alerting users to cookie use, explaining to them how they work, and ensuring that even the most non-technical users can access clear information on how they are applied on an individual case basis for the websites and applications that they use. Issues around cookie use (and similar technologies) are viewed by policy developers as a core element in allowing users to feel in control and comfortable about their overall privacy online. In response, website and application guardians will need to provide ever-increasing transparency over their data collection and usage in relation to cookies and similar technology use going forward.

While the present compliance bar is levelled at providing consumer access to clear information, future pipelined legislation amendments could attempt to address more challenging aspects of cookie compliance such as:

  • Greater emphasis around issues such as how individual cookie types will be audited.
  • Ensuring that cookies are used appropriately in applications in a way that is minimally invasive and respects user rights and online privacy.
  • Achieving more explicit and effective approaches to user consent.
  • Leveraging more enhanced support for cookie compliance at the browser-level. For example, despite industry resistance, Microsoft has shown increased desire to disable user tracking features, the recent Internet Explorer 10 launch being one example.

Assessing Existing Website Treatment of Cookie Compliance

Following the recent completion of the 12-month grace period for cookie compliance in the UK, Espion carried out a high-level analysis of the current state of compliance among influential, high-traffic websites, both in the UK, and also across a similar sample of key Irish-based websites for comparative purposes.

In tandem with the core policy thrust of increased consumer privacy awareness and understanding, this analysis focussed on assessing cookie-related content and its availability to site patrons, both technical and non-technical users. Hence, while Espion has carried out detailed cookie audits on a per-site basis for individual clients, such analysis represents other advanced, “back-end” compliance considerations that were not the core focus for this analysis.

Key assessment goals included:

  • To understand the current overall status of cookie compliance among influential websites.
  • To assess the accessibility of cookie-related info, i.e. is it “readily available”, “prominently displayed”, and “easily accessible” in line with legislation wording.
  • To understand and rate the quality of the cookie-related information provided - i.e. is it “clear and comprehensive”, and “as user friendly as possible”. Also, understanding if it is clearly categorised for technical and non-technical user audiences.
  • To understand if and how websites are achieving user consent - either via prior (explicit) consent or implied consent methods.
  • To get an overall understanding of cookie types and categorisations being reported in cookie statements.

Other key study methodology details include:

  • 100 websites assessed as part of study
      o 50 of these were domestic UK-based sites, 50 were domestic Irish-based.
      o By “domestic” this means that the study excluded UK or Irish domain subsidiaries of foreign sites (e.g. google.co.uk, or ebay.ie). Similarly, it excluded Irish subsidiaries of UK parents and vice versa (e.g. ulsterbank.ie whose parent is UK-based RBS).
      o All the 100 sites were chosen on the basis of having to comply with the directive. While almost all prominent commercial sites use cookies to the extent that they would need to comply, a small number of exception sites claimed to not use cookies, or at least “strictly necessary” cookie types only, hence they were excluded.
      o Websites were chosen using the UK and Irish “Top Sites” rankings provided by Alexa (www.alexa.com).
      o Assessment was carried out on 28th/29th May 2012 using Google Chrome web browser (Version 19).
  • Cookie Information Quality Grading: To assess the quality of the cookie-related information provided, each website was given an arbitrary A, B or C-Grade rating based on inclusion of the following details in their cookie-related information:
      o Explicit mention that the site uses cookies.
      o Clear, non-technical explanation of what cookies are.
      o Clear and categorised explanation of cookie types used on site, including:
          - High-level, non-technical categorisations such as those suggested in ICO guidance documentation (e.g. “strictly necessary”, “functionality”, “performance”, “browser experience”-related, “analytics”, “advertising/targeting”, “session vs. persistent” and so on).
          - Detailed categorisations focussing on individual cookie identifiers and related explanatory info.
      o Clear instructions on how to opt-in or opt-out of cookie tracking
Findings

Overall, the results clearly indicate that prominent UK-based websites are achieving higher standards of compliance to the Cookie Directive than corresponding Irish websites at present, with much diversity in implementation of the directive.

Provision of Cookie information

As mentioned, all the chosen sites to be tested were required to comply with the directive. While all UK-based sites tested provided at least some form of cookie information, there were four Irish sites that failed to provide any cookie-related information at any level (Figure 1).

|                              | Irish Sites | UK Sites | Ireland (%) | UK (%) | Overall (%) |
|------------------------------|-------------|----------|-------------|--------|-------------|
| Required to comply?          | 50          | 50       | 100%        | 100%   | 100%        |
| Cookie information provided? | 46          | 50       | 92%         | 100%   | 96%         |

Figure 1 - Provision of Cookie Info (Irish and UK Sites), Summary

Cookie information “clearly accessible, prominently displayed”?

In line with key legislation wording and guidance, Figures 2 and 3 summarise the degree to which provided cookie information was “clearly accessible” and “prominently displayed” throughout the sites tested.

Figure 2 summarises the site location of such information, with only one-third of websites providing an explicit Cookie Policy Statement. Another 58% provided cookie information nested as part of the site’s Privacy Statement. A small minority (4%) included cookie info as part of the Terms and Conditions section. However there was a significant difference on a regional basis - only two of the Irish sites (4%) provided explicit cookie statements, compared to 31 of the UK sites (62%).

|                              | Irish Sites | UK Sites | Ireland (%) | UK (%) | Overall (%) |
|------------------------------|-------------|----------|-------------|--------|-------------|
| Explicit Cookie Statement    | 2           | 31       | 4%          | 62%    | 33%         |
| Nested in Privacy Policy     | 40          | 18       | 80%         | 36%    | 58%         |
| Nested in Terms & Conditions | 3           | 1        | 6%          | 2%     | 4%          |
| None Provided/Not Applicable | 5           | 0        | 10%         | 0%     | 5%          |
| Totals                       | 50          | 50       | 100%        | 100%   | 100%        |

Figure 2 - Location of Cookie Info, Summary

The findings in Figure 3 involved examining the number of user actions necessary to find cookie information from each site’s landing page (with necessary clicks or scrolling actions counting as individual user actions). Only a quarter of sites overall provided access within one action (Figure 3), with the majority requiring either two or three user actions. Most Irish sites (78%) provided access via privacy statements located at the bottom of landing pages, requiring three separate scroll-click-scroll actions to locate cookie information. UK sites fared better, with 46% (23 sites tested) providing the most direct accessibility to the information.
|                                      | Irish Sites | UK Sites | Ireland (%) | UK (%) | Overall (%) |
|--------------------------------------|-------------|----------|-------------|--------|-------------|
| Accessible within one user action    | 2           | 23       | 4%          | 46%    | 25%         |
| Accessible within two user actions   | 5           | 16       | 10%         | 32%    | 21%         |
| Accessible within three user actions | 34          | 8        | 68%         | 16%    | 42%         |
| Four or more user actions            | 4           | 3        | 8%          | 6%     | 7%          |
| Not Applicable                       | 5           | 0        | 10%         | 0%     | 5%          |
| Totals                               | 50          | 50       | 100%        | 100%   | 100%        |

Figure 3 - Accessibility of Cookie Information from Landing Page, Summary

Quality of information provided - “user friendly, clear and comprehensive”?

This assessment involved grading the clarity and comprehensiveness of cookie-related information provided based on the information categories mentioned earlier (Figure 4). Sites achieving a Grade A rating provided all of the following information below (based on subjective Espion criteria aligned to the legislation wording):

  • Explicit mention that site uses cookies.
  • A non-technical explanation of what they are.
  • Clear non-technical categorisations of cookie types used.
  • Detailed itemised technical explanation of individual cookie IDs provided.
  • Clear opt-in/out information provided.

|                | Irish Sites | UK Sites | Ireland (%) | UK (%) | Overall (%) |
|----------------|-------------|----------|-------------|--------|-------------|
| Grade A        | 1           | 14       | 2%          | 28%    | 15%         |
| Grade B        | 6           | 28       | 12%         | 56%    | 34%         |
| Grade C        | 38          | 8        | 76%         | 16%    | 46%         |
| Not Applicable | 5           | 0        | 10%         | 0%     | 5%          |
| Totals         | 50          | 50       | 100%        | 100%   |             |

Figure 4 - Cookie Information Quality Ratings, Summary

Most of the sites with Grade B ratings were rated lower on the basis of providing less clear categorisations - either providing high-level categories without detailed information of individual IDs, or vice versa where detailed ID-level technical information was provided without more intuitive, non-technical, categorisations. Most Grade C sites failed to provide any attempt at comprehensively detailing the cookies used and providing any form of clear categorisation.

Overall, 25% of the sample provided at least some information of individual cookie IDs (Figure 5). 15% achieved Grade A ratings (Figure 4) – this included 14 UK sites and just one Irish site from the sample. A further one-third of the sample were Grade B, with over half achieving Grade C or lower.
|        | Irish Sites | UK Sites | Ireland (%) | UK (%) | Overall (%) |
|--------|-------------|----------|-------------|--------|-------------|
| Yes    | 4           | 21       | 8%          | 42%    | 25%         |
| No     | 46          | 29       | 92%         | 58%    | 75%         |
| Totals | 50          | 50       | 100%        | 100%   | 100%        |

Figure 5 - Provision of Info at Cookie ID Level, Summary

Approaches to Acquiring Consent

The majority of sites assessed resorted to achieving implied consent via URL links (with the words “consent” used liberally in such cases) (Figure 6). 12 UK-based sites were more explicit, providing clearly visible banner or pop-up notifications of cookie usage to users - typically on the first site visit and removing the notification on later visits. None of the assessed sites adopted a prior consent notification.

|                                      | Irish Sites | UK Sites | Ireland (%) | UK (%) | Overall (%) |
|--------------------------------------|-------------|----------|-------------|--------|-------------|
| Implied consent via banner or pop-up | 0           | 12       | 0%          | 24%    | 12%         |
| Implied consent via URL link         | 42          | 38       | 84%         | 76%    | 80%         |
| Prior consent (pop-up)               | 0           | 0        | 0%          | 0%     | 0%          |
| None/Not Applicable                  | 8           | 0        | 16%         | 0%     | 8%          |
| Totals                               | 50          | 50       | 100%        | 100%   | 100%        |

Figure 6 - Approaches to Achieving Consent, Summary

Compliant or Not?

While definitively determining some aspects of compliance to the directive is still a grey area to an extent, Espion combined some of the discussed metrics to define a simple arbitrary metric to determine levels of compliance among the sample, at least from the user perspective. In order to be rated as compliant, sites had to meet both of the criteria below:

  • Provided cookie information (either via Privacy Policy or explicit Cookie Policy statement) is accessible within two user actions or better from site landing page
  • Quality and comprehensiveness of cookie-related information is rated to be of Grade A or Grade B standard

|               | Irish Sites | UK Sites | Ireland (%) | UK (%) | Overall (%) |
|---------------|-------------|----------|-------------|--------|-------------|
| Compliant*    | 1           | 33       | 2%          | 66%    | 34%         |
| Not Compliant | 49          | 17       | 98%         | 34%    | 66%         |

Figure 7 - Rate of Compliance to Directive*

* Based on subjective Espion metric calculation. Also assumes that Cookie statement information provided on each site has been audited and corresponds accurately with underlying web application.

It is clearly evident that compliance rates among UK sites are much higher based on this calculation (Figure 7): two-thirds of this set achieve compliance based on these criteria, whereas only a single Irish site (2% of sample) is compliant - equating to 34% compliance across the entire sample.
  • 9.

    Conclusion

    Clear distinctions exist at present between prominent UK and Irish websites in relation to compliance to the Cookie Directive. Despite Irish legislation wording, and its intent that it is not sufficient to solely provide the required information in a statement of terms and conditions or a privacy policy, the overwhelming majority of Irish-based sites assessed have yet to go beyond this.

    On the other hand, corresponding UK-based sites have paid greater attention to legislation wording and requirements and many have reflected these more clearly in their implementation of the directive. Greater attention to the directive across UK media sources, the allowance of a more explicit grace period, and the availability of assistive compliance guidelines appear to have contributed to compliance efforts there.

    More Info

    For more information on this research, contact Seamus Galvin, Espion Research at +353 (1) 210 1711, or seamus.galvin@espiongroup.com

    For more information on Espion’s cookie compliance and Information Security services, contact us at +353 (1) 210 1711, or info@espiongroup.com
  • 10.
  • 11.

    About Espion

    Espion are Corporate Information specialists. We work with organisations across all industries and business functions to provide advice and assistance relating to the holistic compliance, protection and management requirements of their most valuable asset – information. This allows our clients to focus on their core business and ultimately achieve greater success.

    Espion Headquarters
    The Penthouse, Block 2
    Deansgrange Business Park
    Deansgrange, Co. Dublin
    Ireland
    +353 (01) 2101711
    www.espiongroup.com