Controversial Cookie Regulation - Watch the US, Not The EU
The term Cookies is one that will be used all the more regularly in the coming months, as EU regulation over their use by companies changes. Companies have so far continued to bury their heads in the sand by all accounts, despite having a year to get their house in order. In his second column, Duncan Parry, COO for International digital agency STEAK says that companies should look to the US to see how things progress in this field.
In May 2011 the EU ePrivacy Directive came into force in the UK, focusing on cookies. The ICO subsequently stated they would issue a year’s grace for brands to comply – and that ends in less than eighty days time, on 26 May.
After writing a blog post summarising my latest advice for brands on how to comply I came away with mixed feelings.
I agree consumers are still clueless when it comes to privacy and security: from leaving Facebook open for all to see to clicking any link sent to them, they are pretty self destructive at times. Something needs to be done to protect them – and educate them.
Brands can - and should – help them learn. Google and Microsoft have tried with various campaigns and by offering free security tools. The same is true of cookies and online privacy – brands can help educate the public, and act in a privacy-conscious way, too.
No brand would install a virus on a consumer’s computer intentionally; so brands should see the risk of becoming the digital equivalent of a weird bloke in a long coat following young girls home. Retargeting campaigns should be limited accordingly – limited retargeting, not creepy stalking.
Right now, though, brands seem confused by cookies, retargeting and privacy – many simply don’t know exactly what the ICO expects them to do on the cookie front that underpins so much advertising. Should they seek permission for every cookie dropped? Should they provide a long list of third party cookies users can opt out of?
Confused brands can’t protect consumers – they’re trying to figure out how to protect themselves.
The ICO and other industry bodies stated last year they were talking to browser manufacturers; that could be the easiest route to cookie compliance. But I’ve not seen any output of those UK talks – and US developments have rendered them irrelevant, anyway.
In the States, the Do Not Track initiative is gaining momentum backed by the Obama administration, with Google, Microsoft, Mozilla and AOL have agreed to voluntarily embed “Do Not Track” buttons in Web browsers. This could massively help brands– but it’s an embryonic movement and there are no details of what the FTC will require or what the final browser buttons will do. Meanwhile, May 26th looms…
Unfortunately the ICO’s advice is provided in long, grey text from December and a “half-time” report. This is the wrong approach in my opinion – marketers are visual people; they want to see ideas and visuals of how to comply. That’s why the ICO is not clearly getting it’s message through and brands are confused – it’s used to talking to lawyers and IT Directors, not marketers.
Cookie compliance will stumble on as an issue after the 26 May deadline, with some genuine offenders being publicly punished, and some “innocent” brands getting caught up in enforcement, too. I suspect the decisions made across the Atlantic by groups of software managers will have more of lasting impact on the UK citizen’s cookies than the ICO’s guidelines.
By Duncan Parry, COO, STEAK