Do you know how many cookies are placed on your computer? Does it matter?
The EU directive from 2011 had companies scrambling to find good ways of notifying visitors about the cookies being placed on their computer and giving opt-out measures. There weren’t good tools around and translating the law into technical requirements was a bit of a nightmare. Ironically it led to the company I worked for collecting more information, as we needed to be able show that we’d responded to people’s cookie preferences.
There are three common approaches;
- Implicit agreement
a warning is placed on a website saying that if you proceed with viewing the website you accept cookies from the publisher, this is most common on information or news sites, it seems to be more common on UK sites than Dutch sites, here’s how the Guardian presents their cookie notification, they also offer a detailed explanation of cookies.
- Forced agreement the site is blurred out or obscured and an overlay forces you to click ‘agree’ to proceed, this is commonly used on Dutch sites, here’s the Dutch newspaper Het Parool, you only have the option to accept.
- Pop-up with cookie options
This is rarer, but some sites give you the option to choose which cookies you would like to install, usually giving you a choice of three levels of cookies. The lowest level is those required for website function, the next level relates to site measurement or personalisation, and the third level is often the advertising cookies. It’s this third level that mean you’ll see ads from the same company every time you open the internet for 30 days, no matter which page you’re on. The advertiser is collecting significant information about your site visits.
I’ve heard from web experts that the number of people adjusting the level of cookies they accept is low, less than 1%, which makes it seem a lot of work to manage cookies for a very small group of people.
When the ‘pop up with cookie options’ is used it’s not always clear how to find the cookie options. One of the most common tools used by companies (who often outsource the cookie management) is TRUSTe, which does give visitors control of their cookies but it’s not easy to see how.
When opening a website using TRUSTe you are presented with a pop-up that talks about “Your Choices” but is designed to push you to clicking on “agree and proceed”. The little link to the right, that doesn’t look like it does anything is actually where you find the choices.
Required cookies just let the site function in a sensible way, it means the site will “remember” your language preference for example, sometimes the cookie only lasts for the duration of your visit. Functional cookies provide data on your visit and advertising cookies mean your data is going to an advertiser or media buyer – these are the cookies about which there should be the most privacy concerns.
In all the cases I’ve checked the default setting is for advertising cookies.
I changed the setting to allow only required cookies, and got a warning that the submission would take up to a few minutes.
In fact it took less than a minute – this time.
I think some cookies, like those retaining a language preference, on-site tracking or login details, do not cause any significant privacy issues. Others, the advertising cookies, the tracking cookies, are a potential issue. Yet, despite all the good intentions of the EU directive, only one of the cookie options implemented allows you to opt out of those cookies and that’s not always easy to find.
How do you manage cookies as a visitor? I’ve put a poll up on twitter, let me know on the poll, on twitter, or here in the comments.