Author Archive

EU E-Privacy Directive – Update

May 9th, 2012

On May 26th 2012 the 12 month lead-in period to comply with the EU E-Privacy Directive will come to an end. This has led to a last minute rush by businesses to understand what is being asked of them and how they can become compliant.

The law

The law dictates that a Cookie must not be set unless the following prerequisites have been met:

  • The User or Subscriber is provided with clear and comprehensive information about the purposes of the storage and access to the data stored in the Cookie.
  • The User or Subscriber has given his or her consent.

There are no definitive criteria for what information must be provided; just that it must be clear and sufficient so that the user can comprehend the consequences of what they are consenting to.

What is the impact?

All business websites in Europe must comply. However, a recent online survey of 1600 web users found that only 23% of people surveyed would be happy to say yes to having cookies stored on their machine. This would have a negative impact on the use of many widely used features such as analytics software, social media and website advertisements.

User Consent

Current guidance suggests that “consent must involve some form of communication where the individual knowingly indicates their acceptance.”

An ‘opt-out’ policy that prompts users for their consent after cookies have been set will likely lead to non-compliance, and relying on the principle of implied consent may create ambiguity as far as the law is concerned.

Enforcement

Business websites not in compliance by the end of the deferral period may have the following imposed on them:

  • Information Notice – Notice for information to be provided by the business to the ICO.
  • Undertaking – Commits a business to a particular course of action.
  • Enforcement Notice – Forces a business to take an action within the notice period.
  • Monetary Penalty Notice – Monetary penalty of up to £500,000.

The ICO guidance makes a number of high-level design suggestions for presenting the user with the necessary information and obtaining their consent for saving cookies to their device.

Next steps…

Mando recommend all website owners carry out an audit of what cookies exist on their site so that they can update the website’s Privacy Policy with a list of the cookies being used and their purpose. This is good practice and shows that a business is aware of the legislation and is attempting to comply.

Following this, you must decide how you want to acquire user permission to store cookies on the user’s machine. Methods of implementation will differ on a case by case basis but suggestions fall broadly across the following two options:

1. A prominent widget: The more people who give their consent to cookies being used, the more valuable a site becomes. Therefore a prominent widget which instantly appears on a user’s screen once they land on a website ensures users either accept or decline cookies at the start of their visit.

2. A more subtle request: Some website owners may object to a prominent widget on their site as it interferes with the user experience. They may therefore choose to have cookies disabled as standard across their site and place a more subtle request for user permission in the header or footer of the website. This approach will have a greater impact on site functionality and analytics data.

Analytics

If visitors fail to opt in to cookies, or indeed opt out, this could have serious negative effects on your ability to report on site traffic and engagement through Google Analytics. It could negatively affect the reporting to your organisation, your ability to accurately measure ROI on your marketing activities or your understanding of conversion performance.

Mando Group can monitor the impact of any cookie compliance measure on your analytics traffic and report to you the moment site traffic shows signs of a downturn. This will allow us to be agile in our response to the solution and suggest improvements to foster greater opt-in.

For more information and to discuss options for your specific website please contact managedservice@mandogroup.com


Schema.org

June 22nd, 2011

What is schema.org?

On June 2nd 2011 Schema.org was announced. This is a new initiative from Google, Bing and Yahoo to create and support a common vocabulary for structured data markup on web pages. This will allow site owners and developers to learn about structured data and improve how their sites appear in major search engines. The site aims to be a one-stop resource for webmasters looking to add markup to their pages.

What has changed?

Historically, Google would use the meta description field to populate the search results snippet. As more people became aware of this, Google changed their approach to look at the content of a whole page and decide for themselves the most relevant piece of text to display in the snippet description, based on the keyword used to pull up the results.

What does it mean for you?

For a while Google have been experimenting with ‘rich snippet’ markup. This is HTML markup that provides more information to the search engines on what a particular piece of content on a page is. The announcement that the three main search engines, Google, Bing and Yahoo, have agreed to use this markup in their results moving forward is a significant step and is applicable to all websites. Failure to start using this markup will mean that over time those that do will supersede those who do not, as their content will appear more relevant as a result of using correct markup.

What can be done?

It will take a period of time to identify if this has any significant impact on search, therefore it is unclear at this stage how important this markup language will become in the future. Please be aware that if a website does not have any microdata, this will not stop the website appearing in search engines. If you would like to include this markup on your website as part of an SEO strategy please contact managedservices@mandogroup.com to discuss your requirements.


EU Cookie Directive

June 22nd, 2011

As you may be aware, a new EU Cookie directive came into force on May 26th this year. This directive requires end user consent to the storing of cookies on their computer. Cookies are used on the majority of websites to track users’ online activity, from the capturing of e-Commerce data through to Google Analytics tracking code.

Websites have been given one year to comply with the EU directive (http://www.bbc.co.uk/news/technology-13541250) and at present it remains unclear in the industry as to which cookies will require opt in/opt out confirmation and what level of action is required.

A key component of the new legislation is that users should be fully informed about the information being stored in cookies and that the storing or accessing of information on the end user’s computer is only permitted if the user has given his or her explicit consent, thus establishing an opt-in requirement for the use of cookies.

The Information Commissioner’s Office (ICO) is responsible for overseeing and enforcing the legislation and as a result have applied their own solution to their website here http://www.ico.gov.uk/

Mando’s view

The responsibility for drawing up guidelines has fallen to the Department for Culture, Media and Sport (DCMS). The DCMS has announced that enforcement is likely to be delayed pending further consideration, such as working with browser manufacturers in relation to enhanced settings. “We don’t think it is appropriate for enforcement action to be taken while solutions are being developed,” said a spokesman for the DCMS.

However, it is very important to do something as it is possible to fall foul of the law now. Should the ICO receive a complaint about a website they would expect an organization to be able to demonstrate that they have considered the specifics of the law and have a realistic plan to achieve compliance. Consider this in much the same way as any risk assessment that you might have to prepare in a health and safety type matter.

What should you do next?

Mando Group is currently reviewing the options available for those websites we support. Whilst we are waiting for an official line, in the short term we recommend:

  • Investigate and understand the cookies that are used on your site. If you require assistance, Mando Group can help run a report on your website for this; it is imperative that you identify all cookies.
  • If the cookies on your site perform activities that can be considered an infringement of personal privacy, then consider removing these cookies if you do not have a mechanism in place to retrieve consent from visitors.
  • Assuming you only use non-harmful cookies on your site, meant to optimize the browsing experience, you should include an explanation of what cookies are used on your site in the “Privacy Policy” applicable to the site. We have included a suggested paragraph below. The Privacy Policy should direct the user to browser options to turn off cookies, if that is required. It is good practice to make the Privacy Policy visible from all pages of the site.
  • An example can be found in the updated privacy statement on cookies on the ICO website here http://www.ico.gov.uk/Global/privacy_statement.aspx, particularly the section providing users with detailed information on how to delete and manage cookies.
  • For those websites with member login functionality you may want to consider applying an opt-in disclaimer at the login / registration stage of your user journey.

Not all of these measures force the site visitor to explicitly give their consent, however these measures will inform site visitors that their consent is being given to use of both your website and associated cookies. This indicates that you have paid attention to the new legislation and are taking steps toward subsequent measures.
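One way to carry out the cookie audit recommended above, shown as an added example rather than Mando Group's own tooling: it reads captured `Set-Cookie` header values, classifies each cookie as session or persistent in the sense used in the suggested privacy policy text, and flags cookies with no documented purpose. The function names, sample headers and purpose register are all constructed for illustration.

```javascript
// Added example: cookie inventory built from captured Set-Cookie header values.
// All header values and the purpose register below are constructed samples.
const DAY_SECONDS = 86400;

// Parse one Set-Cookie header value into { name, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name, attrs };
}

// 'persistent' when Max-Age or Expires gives a future lifetime, otherwise 'session'.
function classify(attrs, now) {
  let seconds = null;
  if (typeof attrs['max-age'] === 'string' && /^-?\d+$/.test(attrs['max-age'])) {
    seconds = parseInt(attrs['max-age'], 10); // Max-Age takes precedence over Expires
  } else if (typeof attrs.expires === 'string') {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) seconds = Math.round((t - now.getTime()) / 1000);
  }
  if (seconds === null) return { type: 'session', days: 0 };
  if (seconds <= 0) return { type: 'deleted', days: 0 }; // header removes the cookie
  return { type: 'persistent', days: Math.ceil(seconds / DAY_SECONDS) };
}

// Build the inventory; documented === false means the Privacy Policy has a gap.
function auditCookies(headers, purposes, now = new Date()) {
  return headers.map((h) => {
    const { name, attrs } = parseSetCookie(h);
    const known = Object.prototype.hasOwnProperty.call(purposes, name);
    return { name, ...classify(attrs, now), purpose: known ? purposes[name] : null, documented: known };
  });
}

const sampleHeaders = [
  'sessionid=abc123; Path=/; HttpOnly',
  'visitor_stats=xyz; Max-Age=63072000; Path=/',
  'promo_seen=1; Expires=Wed, 09 May 2012 00:00:00 GMT; Path=/',
];
const samplePurposes = { sessionid: 'Keeps you logged in', visitor_stats: 'Analytics' };
const sampleNow = new Date('2012-05-01T00:00:00Z');
console.table(auditCookies(sampleHeaders, samplePurposes, sampleNow));
```

Cookies set by client-side scripts do not appear in response headers, so a complete audit also needs the browser's own cookie listing for each page.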

Suggested text for your privacy policy

A ‘Cookie’ is a piece of information that a website sends to your web browser which helps the site remember information about you and your preferences.

‘Session’ cookies are temporary pieces of information which are erased once you exit your Web browser window or turn your computer off. Session cookies are used to improve navigation on web sites and to collect statistical information.

‘Persistent’ cookies are more permanent pieces of information that are placed on the hard drive of your computer and stay there unless you delete the cookie. Persistent cookies store information on your computer for a number of reasons, such as retrieving certain information you have previously provided (e.g. login passwords), helping to determine what areas of the web site visitors find most valuable, and customising the web site based on your preferences.

This site uses <<include what is applicable to your site>> for the purpose of <<include what cookies are used for on your site>>. As such, they are not harmful in any way. Should you wish to disable cookies, you can do so by changing the security options in your web browser. 

More information here: www.allaboutcookies.org
