the trouble with cookies: will your website be illegal in the uk in may?
DESCRIPTION
On May 26, 2012, the United Kingdom (UK) will start enforcing a 2011 EU law regarding website cookie use and consent.This directive has website owners, developers and advertisers around the world confused and worried. This deck helps to answer questions companies may have and suggests steps that can be taken towards compliance.TRANSCRIPT
HANSON DODGE CREATIVEMaking the world more active.™
The trouble with Cookies: Will your website be illegal in the UK in May?
04.25.2012
©2012, Hanson Dodge Creative. All rights reserved. HDC / Making the world more active.
Overview......................................................................3What are Cookies? Why use them?.................................4The Cookie Law.............................................................5The upside of the Cookie Law.........................................6The downside of the Cookie Law.....................................7How to get consent........................................................8How does this affect U.S. companies?.............................9How to protect your company.......................................10To learn more, we recommend......................................13Resources & Thanks......................................................14
Table of contents
2
©2012, Hanson Dodge Creative. All rights reserved.
Overview
On May 26, 2012, the United Kingdom (UK) will start enforcing a 2011 EU law regarding website cookie use and consent
• Brands are like people — emotional connection happens over time through meaningful conversations. Cookies are an important tool in creating these conversations online. However, in 2011 the European Union (EU) passed a law in 2011 requiring EU websites to get users’ consent before using cookies.
• How will this affect your business and your ability to build the relationships that are vital to your long-term success?
This directive has website owners, developers and advertisers around the world confused and worried
• To help our clients, HDC User Experience Director, Bridget Butch, delved into the complex and nebulous E-Privacy Directive (or “Cookie Law”)
• We hereby offer the following insights about cookie use, the Cookie Law and how this new privacy directive may affect your business
3 HDC / Making the world more active.
©2012, Hanson Dodge Creative. All rights reserved.
What are Cookies? Why use them?
A small file downloaded onto your device when you visit a website Cookies “remember” data from one screen to the next
• e.g., registration, login, personal preferences, items placed in shopping carts
Website owners use cookies to:• Understand where website traffic is coming from• Track user preferences/behavior on their site• Recommend products and content based on users’ preferences or interests
Third-party partners (e.g., advertisers) use cookies to track user behavior across sites Users worry that personal data collected by cookies over time will be sold or exploited
4 HDC / Making the world more active.
©2012, Hanson Dodge Creative. All rights reserved.
The “Cookie Law”
A new EU legal requirement — Directive 2002/58 on Privacy and Electronic Communications (aka “E-Privacy Directive” or “Cookie Law”) — goes into effect on May 26, 2012 Online businesses must obtain consent before sending cookies to UK website visitors’ machines Law has not yet been adopted across the entire EU — but the UK requires web businesses to comply as of that date
5 HDC / Making the world more active.
©2012, Hanson Dodge Creative. All rights reserved.
The upside of the Cookie Law
6 HDC / Making the world more active.
“It is a proactive measure to protect website visitors from online surveillance that tracks, stores and uses personal info for unethical or criminal activity. The fact is that data, once it is brought into existence, has a creepy way of getting about, being repurposed for commercial gain, or otherwise misused. Google, with its control over Adwords, Analytics, Gmail and a host of other services, has the means to track much of our activity online — not that it chooses to exercise that power, and laws exist to discourage it from doing so. The legislation was brought in to begin to inhibit the reach of corporate interests into private lives. By and large that’s to be applauded.”
– Mark Steven, .net magazine
©2012, Hanson Dodge Creative. All rights reserved.
The downside of the Cookie Law
7 HDC / Making the world more active.
Interrupting a visitor’s website experience with pop-up windows or distractions greatly increases the chance a visitor will leave the site
• The ICO (UK commission in charge of enforcing the Cookie Law) experienced a 90% drop-off rate when they added a cookie consent banner to their site
EU businesses fear non-EU businesses will have an unfair advantage attracting sales and engaging visitors Web design, development and analytics fear cookie rejection will create functional issues; make visitor behavior difficult (or impossible) to quantify and analyze Advertisers fear inability to use cookies without consent will compromise their ability to target ads
©2012, Hanson Dodge Creative. All rights reserved.
How to get consent
Those setting cookies must:1. Tell visitors that cookies are being used2. Explain what the cookies are doing3. Obtain visitors’ consent to store a cookie on their device
8 HDC / Making the world more active.
©2012, Hanson Dodge Creative. All rights reserved.
How does this affect U.S. companies?
9 HDC / Making the world more active.
This is the trouble with the Cookie Law• U.S. companies that market primarily to EU customers must comply
with the law• U.S. companies who market to the U.S., but whose sites are available
in the EU? Hmm...• EU cannot reasonably enforce this outside the EU; no standard legal
mechanism across borders• Even web giants like Google don’t know how to comply
Legal exception: cookies that are “strictly necessary to provide a service the user requests” (e.g., Add To Cart) do not require consent
• No standard definition of “strictly necessary”
©2012, Hanson Dodge Creative. All rights reserved.
How to protect your company
10 HDC / Making the world more active.
HDC is not a legal advisor; however, we can offer the following suggestions:
1. Consult your legal advisor immediately• Ensure that your site is compliant with current international privacy laws
2. Set up Google alerts• “E-Privacy Directive” or “Cookie Law” for updates or revisions to the
EU law• “Consumer Privacy Bill of Rights” for the latest on U.S. privacy legislation
3. Audit your site(s) to identify cookie types you use• Which are necessary to browse, purchase products or analyze traffic?• Which are strictly for third-party marketing/advertising?• Be prepared to gain consent or remove cookies in the future
©2012, Hanson Dodge Creative. All rights reserved.
How to protect your company (continued)
11 HDC / Making the world more active.
4. Carefully review your Privacy Policy• Start today• Schedule regular reviews and updates to ensure it is based on current
privacy legislation
5. Ask your customers for input about online privacy• Survey your customers about new privacy initiatives before you
launch them• Address concerns quickly/proactively
6. Continually strengthen your relationship with your customers• The stronger it is, the more they will share personal information
©2012, Hanson Dodge Creative. All rights reserved.
How to protect your company (continued)
12 HDC / Making the world more active.
7. Face privacy issues head on• Privacy issues will not go away if you ignore them • Consensus and regular discussions about privacy are an important part
of organizational leadership and growth• Technology evolves rapidly; our understanding of privacy requirements
has to evolve as quickly or faster
©2012, Hanson Dodge Creative. All rights reserved.
To learn more, we recommend:
13 HDC / Making the world more active.
Information Commissioners Office — Guidelines For Compliance <http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx>
Silktide — Definitive Guide to The Cookie Law <http://silktide.com/cookielaw>
Malcolm Coles — EU cookie law: Four examples of sites already implementing it <http://www.malcolmcoles.co.uk/blog/eu-cookie-law-examples-of-sites-already-implementing-it/>
©2012, Hanson Dodge Creative. All rights reserved. HDC / Making the world more active.
Resources & Thanks
14
©2012, Hanson Dodge Creative. All rights reserved.
While researching this article involved many dozens of online resources, we want to especially thank the following for helping us better understand this very complex subject.
• International Commissioner’s Office (ICO) website. <http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx>
• The Cookie Collective. <http://www.cookielaw.org/>
• Silktide. http://silktide.com/cookielaw
• Global Regulatory Enforcement Law Blog. EU Data Protection Regulation <http://www.globalregulatoryenforcementlawblog.com/tags/eu-data-protection-regulation>
• .net magazine. “Cookie law: the gnarly truth” <http://www.netmagazine.com/opinions/cookie-law-gnarly-truth>
• ars technica. “White House announces new privacy "Bill of Rights," Do Not Track agreement” <http://arstechnica.com/tech-policy/news/2012/02/white-house-announces-new-privacy-bill-of-rights-do-not-track-agreement.ars>
• ComputerWeekly.com. “How to comply with the EU cookie law” <http://www.computerweekly.com/guides/How-to-comply-with-the-EU-cookie-law>
• Eloqua. [Chart] 90% of Visitors to EU Cookie Law Site Don’t Opt-in <http://blog.eloqua.com/chart-tracking-drop-off/>
• Oxford Digital Marketing. “EU Cookie law and Google Analytics” <http://oxforddigitalmarketing.co.uk/15205/eu-cookie-law-google-analytics/>
15 HDC / Making the world more active.
©2012, Hanson Dodge Creative. All rights reserved. / MEC RFP / 04.12.12 HDC / Making the world more active.
Bridget Butch, User Experience Director
Bridget is a strategic thinker, adept at understanding the client’s, team’s and user’s goals for each website or online communication. With a collaborative approach, she then proposes solutions via working and final UX documents. She provides our clients and teams a documented roadmap for structuring and building websites that meet both client and user goals.
Hanson Dodge Creative is America’s leading active lifestyle agency. The full-service firm specializes in helping global brands attain market leadership through the strategic integration of world-class branding, relationship marketing, social media, e-commerce and advanced interactive technology. Clients include Wilson Sporting Goods, Trek, Wolverine, Briggs & Riley Travelware, Thule and Kmart. Established in 1984, Hanson Dodge Creative is located in Milwaukee's Historic Third Ward. For more information, call 414.347.1266 or visit www.hansondodge.com.
16
About the author
With 14 years’ experience and a solid information architecture foundation, Bridget oversees HDC's User Experience (UX) discipline. She identifies user requirements and translates brand, marketing and technical requirements into practical maps and documentation. Bridget’s responsibilities include — but are not limited to — user reseach (primary and secondary), usability testing, UX strategy, user stories, IA documentation (site maps, wireframes, functional specifications) and content strategies.