When we look back, 2011 will prove to have been a momentous year for tech for a number of reasons, including the first major web 2.0/social media IPOs, the death of Steve Jobs, and the release of the Kindle Fire. But perhaps the event that will have the longest lasting impact will be the introduction into law, across Europe, of the EU Privacy Directive.
This is a document that covers a vast number of issues relating to privacy, from storing credit card details to cold-calling but the one that has caught the attention of many, and has arguably caused the most confusion, is how it relates to cookies, the small pieces of code commonly used on the web to allow sites to track user history. In fact, attention has focussed on cookies to such an extent that, in many people’s eyes, the legislation is now known as the cookie directive.
The guidelines were brought in due to apparent concerns about the growth in behavioural targeting, where ads are shown to users based on their web history (i.e. the sites that they’ve visited): it was felt that this was an invasion of privacy and needed to be legislated. As is often the case though, when rules on technical issues are written by those who don’t fully understand the areas they are legislating, the resulting laws are, to put it mildly, slightly unclear.
There has been, and will continue to be, a lot of discussion around what type of consent consumers have to give in order for cookies to be used; whether there should be distinctions made between tools like analytics (understanding if parts of your site are scaring customers away), basic ad tracking (being able to distinguish which ads drive the most visitors), retargeting (placing ads in front of people who visited your site but didn’t complete a purchase) and actual behavioural advertising (BA). Because whilst the legislation was designed to tackle BA, it has unwittingly swept up all of these other issues as well.
I was reminded of all of this after reading an article in The Observer by John Naughton in which he suggests that the use of such cookies by advertisers is ‘abuse’. Whilst it’s particularly worrying that a tech correspondent at a paper like The Observer should have an attitude like this, particularly one who is a Professor of the Public Understanding of Technology at the Open University, it goes to show that we, as an industry, need to do a lot more to educate people about cookies.
Because the facts are that the information they gather is anonymous, they help to make the web work better, they enable advertisers to spend their budgets better (which reduces inefficiency) and generally enable people to make money online, something that we should be encouraging as so many other industries struggle. Web companies have, it must be admitted, often played fast and loose with data and privacy, but that should, and is changing.
In the UK, Google has partnered with the Citizens Advice Bureau on a campaign that explains how cookies are used and what they actually do. The IAB, in partnership with companies including WPP (Mindshare’s parent company) is attempting to educate consumers as to how and when cookies are used, as well as looking to work with the EU to find a realistic solution that doesn’t end up with a web littered with pop-ups.
And, here in Ireland, we’re working with the IAB and the Data Protection Commissioner to try to help local businesses understand what the legislation means for them, which is why we’re very happy that today the commissioner announced that three types of cookies, which are essential for businesses, but pose no threat to consumers, will now be acceptable: cookies for frequency capping, web analytics and conversion tracking.
The law isn’t going to go away, but it needn’t be, and shouldn’t be, as bad as some would like to make it out.
Cookie Monster by Flavio Ensiki on flickr