As well as being used to remember important data such as password and login details to enable sites to provide users with a better online experience, cookies are used by marketers to gather browsing history and link click data which can then be used to tailor search remarketing campaigns (PPC).
Potential lost traffic and revenue, the shear amount of work involved in becoming compliant and the fear of fines for non-compliance have been hot topics of conversation in the digital world for some time now. A lack of clear advice or guidelines from the Information Commissioner’s Office (ICO) on what constitutes compliance has also meant that many businesses have struggled to get to grips with exactly what is required of them.
This 11th hour amendment marks a frustrating end to a stressful year for webmasters, particularly those who have acted, in good faith, to implement somewhat risky solutions such as pop-up windows to gather explicit consent, which many understandably fear will lead to a decrease in site traffic and therefore revenue. A recent survey by E-Consultancy reported that 82% of businesses thought that compliance with the directive would have a negative impact on business.
Does this last minute change of heart mean that the ICO is throwing in the towel in the face of what appears to be inevitable defeat…? 3 days after the deadline for compliance only one of the UK’s top 10 ecommerce sites (according to IMRG Experian Hitwise Hot Shops Feb 2012), John Lewis, has any kind of clear, visible message on their homepage regarding cookies and privacy, and this itself is only a more prominent link to a page explaining their privacy and cookies policies:
Seeking to explain their position and stress the importance of compliance in an interview with the BBC, Dave Evans, group manager for the ICO, argued that businesses had been given sufficient opportunity to become compliant:
“Up until now, if we received a complaint about your website we would point you in the direction of our guidance. Given that everyone has had a year [to comply], we’re going to shift from that kind of approach to one which will be very much more focused on those people who don’t appear to have done anything and asking them ‘why not?”
So what actually is the current situation? Well without some more clear instructions from the powers that be it’s difficult to say. If a site makes no steps towards compliance they risk a penalty from the ICO, however if they do implement a radical change in order to comply then they risk losing intelligence, visitors and even revenue. Despite the new 2012 deadline having come and gone, the changes you need to make on your website are very much dependant on the type of cookies installed. The level of invasiveness of the cookies in use is likely to affect the type of solution you implement. At least for now, webmasters are able to use the new ‘implied consent’ approach which previously was a particularly grey area in the legislation.
It should be noted that Search Laboratory is not in a position to provide legal advice and this blog should not be taken as guidance on how to comply with the legislation. It is your responsiblity to read and understand the guidance.
For more information please visit: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx or you can watch the latest video with answers to some of the key questions about cookies release by the ICO (May 2012):