Cookies and the age old privacy discussion

Web CookiesMay 25th will see the introduction of a new European directive imposing a ruling whereby users will have to specifically opt in to allow companies to place cookies on their machines. So is this a good thing?

I don’t think so. And I don’t say that with just my marketers hat on but also as a consumer. Of course, as a consumer I don’t want my personally identifiable information (PII) shared with advertisers. However here’s the problem: in general many Internet users don’t really have a true understanding of what cookies are and there just seems to be an inherent fear of them which has prompted privacy groups to complain about them for years.

So what exactly are cookies? Well they’re just small text files that are stored by a user’s browser and can be used for anything that can be achieved through the storage of text data. So recording a person’s site preferences or shopping cart contents or as a mechanism to personalise their browsing experience in some way. But what they don’t store is PII data. The cookie is generally just a unique string that means a user can be distinguished from another.

Why all the privacy concerns?

I was working at DoubleClick in 1999 when they purchased market research company, Abacus Direct. With their database of consumer catalogue transaction data, the purchase of Abacus was a move to allow marketers in both media to target potential customers more efficiently. However when DoubleClick announced their plan to bring together web surfing data and personally identifiable consumer transaction data, it was always going to cause waves. The Market reacted violently, so much so that it caused massive ripples throughout the industry that not only saw DoubleClick’s stock price drop but eventually saw them backtrack and retract their plans. However there are a couple of things that I think are worth pointing out though:

1) Firstly there was no way for DoubleClick to do the link up they were talking about without a user actually opting in. It’s just not technically possible. There was no common field or primary key between the two data sets so it meant that a user had to go to a specific web page where they could enter certain information that was in the Abacus data into a form, such as an address, name etc and then hit submit whereby DoubleClick could read in their non PII cookie on the user’s machine and do the match up. So all actually very much above board from a privacy standpoint, all with the users say so.

2) Secondly, and this i say as a consumer, if I am going to be marketed to – and lets face it advertising is all around us, especially if we are enjoying free services on the web that need to generate revenue somehow – I’d far rather see and receive advertising/messaging that is relevant to me. And the only way that is possible? Through mechanisms such as the above whereby my likes/dislikes and preferences are accessible to advertisers, albeit in a responsible and controlled way. If you really stop and think about it, I think everyone will agree, the more relevant the advertising is, the better the user experience is going to be.

What does this new e-Privacy directive actually call for?

Due to come into force in the UK at the end of May, it states that explicit consent must now be obtained from users who are being tracked via cookies. So no longer will cookie management be an opt-out process, something that has been possible in various ways for many years, but it will now require a user to opt-in before a company can set a cookie. There are some exclusions however. For instance the directive specifically excludes cookies that log what people have put in their online shopping baskets, its aim really being to limit the use of behavioural targeting. With that in mind, it also states that users be fully informed about the information being stored in cookies and told why they are seeing particular adverts.

So how is the industry handling this? Well the Internet Advertising Bureau (IAB) are going the educational route and have launched a site called Your Online Choices aimed at explaining to users exactly what behavioural targeting is. Yahoo Ad ChoicesYahoo here in the UK, seemingly the first of the big players to start introducing some the directive’s mandates, have recently introduced their Ad Choices icon on advertisements in certain parts of their site. Clicking on the icon allows users to see information about the ad and the techniques used to serve it, including the name of the brand, the agency that booked it, and the ad’s interest category. Users are also given the opportunity to manage the specific interest-based advertising categories that they’ve been assigned to and can also choose to opt out entirely of interest-based advertising on Yahoo sites.

Having said all that, the general opinion is that the directive will not be enforced come the end of May with as yet no European government having drawn up guidelines on how the directive will be implemented. I for one am interested to see what solutions we end up with, because the idea of making consumers consent to every cookie presented to them is just not feasible.