Equi=Media attended a seminar at the Department for Culture, Media and Sport on Monday 2nd April which was jointly hosted by the DCMS and the ICO. During the seminar, talks by the DCMS, ICO, IAB and other industry stakeholders repeated much of what we have heard before.
Throughout the developments in this e-privacy regulation debate, we have continually updated our view (our previous blog is here) and we still suggest following these steps:
- Conduct a comprehensive cookie audit
- Understand the use of all these cookies on your website
- Remove any cookies that are outdated or unnecessary
- Assess the intrusiveness of the remaining cookies
- Seek opportunities for including mechanisms for cookie consent – for example wherever you already have a “T’s and C’s” consent requirement, update the T’s and C’s to include reference to your website cookie use
However, following the seminar on the 2nd April, we think it is important to make it clear that it would appear that a few large brands are set to go live with “consent” solutions that are very visible. These corporations appear to be taking a view that they want to comply with the regulation in the strictest possible sense.
Essentially it appears that website owners have a choice:
By considering the sliding scale of intrusiveness, plus by making a judgment call on how strictly you want to comply, you should be able to determine which of the approaches suits you best. When considering this, please remember that:
- The ICO will not take any knee jerk reactions; demonstrating any effort to comply will be positive
- Web Analytics cookies are not a priority to the ICO
- Those companies who go live with very visible “consent” functionality may earn public trust with their open approach, but they may also suffer from restricted tracking and reporting and choose to roll back their initial approach
If however you decide that you need move more towards the “letter of the law” then there are a few options open to you. Even if you don’t seek to implement these now, it might be beneficial to explore them as options that you can demonstrate to the ICO you have investigated.
You can look to develop your own solution as BT have done (see below). We may be in a position to work with you to help develop a bespoke solution here.
Or, you could seek to implement an out of the box solution that has an on-going license fee attached. The provider you choose will depend largely on your specific requirement and the cost you are willing to invest. Current providers include:
- TagMan: eu.tagman.com
- Cookie Collective: www.cookielaw.org
- Magus: www.magus.co.uk
- Evidon: www.evidon.com
- BT: we expect that BT will make their solution available to others through one of their partners
Please be aware that any movement you make in this direction may have significant implications on the manner in which you track and report online activity.
A test solution that is being run by BT can be seen on Bt.com. As you enter the site you should see a panel displayed in the bottom right corner:
If you do nothing at all, then this panel disappears after a few seconds and doesn’t reappear.If you wish to click on the panel, you are given 3 options:
Change settings – where you can go into a control panel to change your privacy settings for BT.com
No thanks – which simply makes the panel disappear
It seems like a reasonably effective way of providing a visible, non-intrusive opt-out mechanism for gaining consent. The key to this is that it is opt-out and will, we can assume, mean that very few people currently opt out of cookies on this site. If it was an opt-in solution then we can assume that very few would opt in!
In the footer of the page, across the site, you can also see some icons and links that refer to the privacy/cookie page again. Site visitors can access the control panel at any time from these.
The control panel itself is very informative and allows a user to manage their cookies by sliding the bar from right to left. This allows cookies to be disabled for “targeting” initially and then “functional” cookies next. “Strictly necessary and performance” cookies are not available to be disabled.
As you move the slider across, it clearly details in the lower panels how the changes will affect your browsing.
Equi=Media think this is a good initial solution, if you are a company taking a “letter of the law” approach to compliance. However, it clearly needs rigorous testing and for the impact of its presence to be monitored and analysed thoroughly.
[NB. I am not a legal expert and the opinions in this article are mine alone. Each website owner will need to make their own decisions on what is required in order for them to be compliant….but hopefully this summary is valuable in helping you make that decision].