The Law of Cookies

About a year ago the EU directive on the use of cookies online came into effect. The idea was to give consumers a better understanding of what information was being collected about them and how it was being used. Which seems like a noble motivation. Many experts said that the law was unworkable and ineffective – even as they scrambled to implement it on their sites. Others pointed out that it was unenforceable outside the Netherlands.

Screen Shot 2013-07-14 at 12.14.39 PMThe Dutch requirements are, it seems the toughest, and implementing them means we now collect more information than we used to, and store it longer. Because the law requires a strict opt-in Dutch sites tend to use splash pages or white boxes before letting you see their content – such as this example from RTL Netherlands. RTL is a pan European company, their other sites do not force this on their visitors – but the cookie law implementation varies across the EU.

The cookies we set on our site serve three functions;

  1. remembers which language you want to use to read the site
  2. remembers your response to a disclaimer (we include some information that is not supposed to be for the US market)
  3. collect (anonymous) data on your visit so we can improve the site

We didn’t want to force people to opt-in so it’s optional. Not surprisingly most people don’t which means that on return visits they may need to re select their language, and they may need answer the disclaimer multiple times – and this applies to visitors outside the EU. We now do not get enough data to analyse the site.

There’s no good solution to this; either we annoy visitors with the forced opt-in, or we don’t collect enough data to analyse our site, or we don’t comply with the law. It’s a frustrating situation to be in. Particularly as we know from other research that 90% of visitors will leave the cookie acceptance on the default setting – even if that is the highest setting.

The ICO, the organisation responsible for the enforcement of the cookie law in the UK, announced a change to their use of cookies earlier this year, effectively moving to an opt-out model. For UK sites the cookie law is a vestigial form; you need to disclose how you use cookies but specific opt in is not required. Here’s a helpful timeline of the developments in the UK.

For Dutch companies the requirement remains unchanged, full opt-in is required and companies must collect proof that visitors have opted-in (that’s the extra data we’re now collecting about you). There’s no indication from OPTA (the Independent Post and Telecommunications Authority – the organisation charged with enforcing the law – part of the Authority for Consumers and Markets), that any change is planned. However Dutch site “Marketingfacts” reported that a bill amending the cookie law was presented to parliament on 20 May (Article only in Dutch). The proposed changes would allow analytical cookies and those needed for the operation of the site to be set based on implied consent provided the data collected did not have an impact on privacy.

The bill has been through a consultancy phase and it will now be up to the minister to decide whether to submit the bill to the lower house. Like many of those working in digital industries I am hoping this bill goes through.

Advertisements

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s