Cookie Nightmare


Do you know how many cookies are placed on your computer? Does it matter?

The EU directive from 2011 had companies scrambling to find good ways of notifying visitors about the cookies being placed on their computer and giving opt-out measures. There weren’t good tools around and translating the law into technical requirements was a bit of a nightmare. Ironically it led to the company I worked for collecting more information, as we needed to be able to show that we’d responded to people’s cookie preferences.

There are three common approaches:

  1. Implicit agreement
    A warning is placed on a website saying that if you proceed with viewing the website you accept cookies from the publisher. This is most common on information or news sites, and it seems to be more common on UK sites than Dutch sites. Here’s how the Guardian presents their cookie notification; they also offer a detailed explanation of cookies.
  2. Forced agreement
    The site is blurred out or obscured and an overlay forces you to click ‘agree’ to proceed. This is commonly used on Dutch sites. Here’s the Dutch newspaper Het Parool; you only have the option to accept.
  3. Pop-up with cookie options
    This is rarer, but some sites give you the option to choose which cookies you would like to install, usually giving you a choice of three levels of cookies. The lowest level is those required for website function, the next level relates to site measurement or personalisation, and the third level is often the advertising cookies. It’s this third level that means you’ll see ads from the same company every time you open the internet for 30 days, no matter which page you’re on. The advertiser is collecting significant information about your site visits.

I’ve heard from web experts that the number of people adjusting the level of cookies they accept is low, less than 1%, which makes it seem a lot of work to manage cookies for a very small group of people.

However, many people manage their cookies through browser settings; it’s fairly easy to do in Chrome and Firefox, and I suspect people really concerned about cookies and privacy take such measures.

When the ‘pop up with cookie options’ is used it’s not always clear how to find the cookie options. One of the most common tools used by companies (who often outsource the cookie management) is TRUSTe, which does give visitors control of their cookies but it’s not easy to see how.

When opening a website using TRUSTe you are presented with a pop-up that talks about “Your Choices” but is designed to push you towards clicking on “agree and proceed”. The little link to the right, which doesn’t look like it does anything, is actually where you find the choices.

Here are the three choices you’ll get.

Required cookies just let the site function in a sensible way; for example, the site will “remember” your language preference. Sometimes the cookie only lasts for the duration of your visit. Functional cookies provide data on your visit, and advertising cookies mean your data is going to an advertiser or media buyer – these are the cookies about which there should be the most privacy concerns.

In all the cases I’ve checked the default setting is for advertising cookies.
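As an added illustration (not code from this post or from any consent tool it mentions), here is one way a site could enforce the three levels server-side: it sends only the cookies allowed by the visitor's stored choice and falls back to required cookies when no choice is recorded. The `cookie_consent` preference cookie, the other cookie names and the sample values are assumptions made up for the example.

```javascript
// Added example: names, the consent cookie format and sample cookies are assumptions.
const LEVELS = { required: 1, functional: 2, advertising: 3 };
const CONSENT_COOKIE = "cookie_consent"; // hypothetical preference cookie

// Read the stored consent level from a Cookie request header value.
// A missing or unrecognised value falls back to "required" (fail closed).
function consentLevel(cookieHeader) {
  for (const pair of (cookieHeader || "").split(";")) {
    const idx = pair.indexOf("=");
    if (idx < 0) continue;
    const name = pair.slice(0, idx).trim();
    const value = pair.slice(idx + 1).trim();
    const known = Object.prototype.hasOwnProperty.call(LEVELS, value);
    if (name === CONSENT_COOKIE && known) return value;
  }
  return "required";
}

// Keep only cookies whose category is at or below the chosen level.
// Cookies with an unknown category are dropped.
function cookiesToSet(level, candidates) {
  const max = LEVELS[level];
  return candidates.filter((c) => LEVELS[c.category] <= max);
}

// Serialise one cookie as a Set-Cookie header value; no maxAgeDays means
// a session cookie that ends with the visit.
function toSetCookie(c) {
  const parts = [`${c.name}=${c.value}`, "Path=/", "Secure", "SameSite=Lax"];
  if (c.maxAgeDays) parts.push(`Max-Age=${c.maxAgeDays * 86400}`);
  return parts.join("; ");
}

// Constructed sample cookies, one per level.
const SAMPLE = [
  { name: "lang", value: "nl", category: "required" },
  { name: "visit_stats", value: "v1", category: "functional", maxAgeDays: 365 },
  { name: "ad_id", value: "abc123", category: "advertising", maxAgeDays: 30 },
];

// Set-Cookie headers a response would carry for a given request Cookie header.
function headersFor(cookieHeader) {
  return cookiesToSet(consentLevel(cookieHeader), SAMPLE).map(toSetCookie);
}

console.log(headersFor(""));
console.log(headersFor("lang=nl; cookie_consent=advertising"));
```

The preference itself lives in a cookie, so it belongs in the required tier: without it the site cannot remember that a visitor opted out.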

I changed the setting to allow only required cookies, and got a warning that the submission would take up to a few minutes.


In fact it took less than a minute – this time.

I think some cookies, like those retaining a language preference, on-site tracking or login details, do not cause any significant privacy issues. Others, the advertising cookies, the tracking cookies, are a potential issue. Yet, despite all the good intentions of the EU directive, only one of the cookie options implemented allows you to opt out of those cookies and that’s not always easy to find.

How do you manage cookies as a visitor? I’ve put a poll up on Twitter; let me know on the poll, on Twitter, or here in the comments.

Header Image; Halloween Sugar Cookies  |  Annie  |  CC BY-NC-ND 2.0

Cookies

Have you ever heard of the “EU’s Privacy and Electronic Communications Directive”? Well, it’s come into effect as law in the UK as of 25 May this year, with businesses having a year to comply.

Here in the Netherlands no law amendment has been made, but it will be discussed in the Tweede Kamer (House of Representatives), so I’m watching to see what the outcome will be. I don’t know the progress in other EU countries. (You can read more about the Dutch situation, in Dutch).

What seems to be required is an “opt-in” before a cookie is placed on the visitor’s computer. Since most commercial websites add cookies for a range of purposes this will have a huge impact, and could significantly impact a visitor’s browsing experience. Imagine if every click on a site raised a pop-up informing you that a cookie was being placed and asking for you to agree or cancel. Most visitors would be quickly annoyed.

But there are other ways this could be implemented. I was visiting All Things D for the first time and was presented with this banner.

The promise to only present this note the first time you visit this site is met by setting a cookie, but it’s tracking cookies they are more concerned about. The “read more” link takes you to a page explaining their point of view on tracking cookies, and giving visitors information on how to remove cookies, or opt-out.

It’s a method that is more helpful to the visitor, and more visitor-friendly, but I’m not sure whether it will meet the requirements of the EU directive.

Cookies often store information about your last visit, including password information on registration sites, so that you do not have to re-enter information to a site, so they can be helpful. Cookies can also be used as part of measuring traffic on the site. But they can also track all the sites you visit and send that information back to the site that set the cookie, or be used to track your viewing behaviour in order to customise the ads offered to you. The EU directive is connected to concerns about these uses of cookies.

I would definitely like to see more information available for visitors on what cookies are being set and how they are used. But endless popups are incredibly irritating for the user, so I’m hoping the ‘provide information’ option and one accept will work. Then of course there’s the question of whether visitors outside the EU should have their visiting interrupted if it’s not legally required.

Expect updates.

image [cookies] /RHiNO NEAL/ CC BY-NC-ND 2.0