Six Serving Men Blog

Six Serving Men Blog

This Blog provides views and articles associated with Business & Digital Strategy.

Why cookies should be back on your agenda

Stef Elliott - Wednesday, September 10, 2014

If you have a website, web app or conduct email marketing and believed that the "Cookie monster" disappeared in the summer of 2012 - it may be sensible to reconsider.

This is particularly relevant with increasing consumer awareness of what cookies do and enable, high profile cases such as the recent iCloud hack, and planned activity to raise awareness ahead of potential new legislation in Europe.

Quick recap - background

Current situation

As the law (both stated and policed) has lagged behind the rapid development and expansion of new technology platforms, companies have been unable to clarify where they stand against specific standards e.g.

  1. Best practice
  2. Common practice - Industry standards
  3. Accepted practice - Consumers preferences (The ICO recently highlighted that reporting of consumer concerns regarding cookies has been declining)
  4. Required practice - Legally stated and enforced

Without any clearly defined specific requirements setting the “bar” individual companies have only been able to adopt a subjective view of where they sit and how they compare.

So what's changing?

The UK was the first country to enact the European legislation, but as the Information Commissioners Office highlighted in the 2014 Annual Report one of the reasons for the lack of clarity has been the ICO's capacity to define, educate and enforce compliance standards.

Whilst continental European countries did not enact the law as quickly there has been a series of events recently which have moved 'cookie compliance' back up the agenda.

  • In early 2014 the French equivalent of the ICO (The CNIL) gained new powers to conduct remote audits of companies.
  • During the week of September 15 to 19, 2014 the CNIL will participate at a European level in a "cookie sweep activity" in association with other European agencies. This will check the information captured and how user consent is obtained.  
  • From October 2014 the CNIL will be conducting audits and issuing enforcement notices against European companies.
  • Across Europe there have been a series of enforcement activities i.e.
  • The Netherlands Public Broadcasting (NPO) was deemed to have violated the rules on storing cookies and was issued with an enforcement notice to change within four weeks or pay a penalty of up to €125,000.
  • The Spanish Data Protection Regulator issued its first fines against two companies who were investigated and fined after failing to comply with the obligation to provide clear and comprehensive information about the cookies they used.

The Direction of travel is clearly towards greater focus on increased consumer awareness and greater displayed “cookie compliance.

So what should you do?

There has been a three year grace period following the 2011 law change that is potentially coming to an end.

  • Doing nothing is one choice!
  • Uninformed rushed choices are costly
  • Interactive choices can be risky if you have poor information

Therefore three questions to ask your business are:

1. What do you currently do today?

  • What web properties do you control and what’s the scope of your responsibility?
  • What existing cookies are set by you & third parties – if you don’t know then shouldn’t you?
  • Are the cookies set valid, i.e. do they serve a purpose you know and agree with, by a company you are aware of?
  • How do you communicate what you currently do with your visitors?

2. What do you want to do?

  • How does existing/planned activity impact upon your commercial model?

3.How do you then implement and maintain going forward?

  • Do you have robust policies, procedures and platforms in place to ensure ongoing compliance – if not what do you need?
Post has no comments.
Post a Comment

Captcha Image

Trackback Link
Post has no trackbacks.