What’s a cookie and why should you care? Essentially, it’s a form of website tracking, be it monitoring browsing behavior, purchasing patterns or your activity on the wider web.
- Tell your website visitors that cookies exist on your site.
- Explain what the cookies are doing.
- Obtain consent from your website visitors to store cookies on the device they’re browsing your site with.
The directive is open to intepretation and the approaches to compliance vary. Some have opted for a pop up message to ask you to opt-in to cookies before you browse a website, others have added a small reference to cookies within their footer navigation. The safest approach is to comply fully with the directive with a full opt-in process. However, this is a worry for many site owners reliant on tracking to fully evaluate their online marketing activity.
The determining factor on which approach to take seems to be the interpretation of ‘obtain consent’. The emerging common approaches can be categorised as ‘explicit consent’ or ‘implied consent’.
Explicit consent is probably the safest approach – to have a visitor to your site explicitly state that they accept you tracking their activity on your website through the use of a pop up, small message on your homepage, checkbox etc.
Implied consent is the approach many have taken – referencing cookies (either with a small message on the site homepage or a link within a sub navigation etc) and that continued use of a website authorises the tracking of visitor activity.
Whilst statistics on cookie consent are emerging, many believe that having a prominent warning on your site that data is being tracked isn’t going to aid conversion or encourage browsing.
The travel, tourism and hospitality response to the cookie law
So how should you adapt your site to comply with the EU cookie law? Should you opt for explicit or implied consent? Unfortunately there’s no definitive answer. It varies by both the type of data being tracked and the subsequent use of the data. Understandably it seems that overly intrusive or unethical use of data will be top of the ICO‘s hit list.
It’s useful to evaluate the current approaches by some of the major players in travel, tourism and hospitality.
Hotels.com, Travelocity, Kayak, Skyscanner, Travelrepublic, Timeout, VisitLondon, VisitWales and the Northern Ireland Tourist Board also use approaches that could be interpreted as implied consent.
It’s clear that many have opted for the implied consent route. That doesn’t neccessarily mean that it complies fully with the ICO guidelines, but it does set a precedent for other sites and perhaps, your site.
But what does the ICO have to say on the matter? In a recent interview with popular online marketing blog, Econsultancy, Dave Evans of the ICO stated “…if sites make it clear that they are using cookies, and continued use of the site means that you are accepting this, then this is a valid approach.”
Your interpretation of ‘make it clear’ may be to have a cookies page featured in your sites navigation at the foot of the page, or it may be to include a visual message once (or repeatedly) when a user visits the site.
So you’ve decided that you want to feature a cookies page on your site. What should you include on that page?
“This depends. The main point to get across is why cookies are being used, for analytics or whatever, I think most web users just want to be reassured that nothing untoward is going on. This is more important than listing the different types of cookies in detail.” Dave Evans, ICO.
Interpreting this, it would seem you needn’t labour at length about the exact purpose of every cookie. Simply reassure your websites visitors of your approach, why you track their behaviour and what benefit this provides them. You may be tracking their data to provide a better service or product offering; tell them.
I’m not interested in cookies. I’m going to ignore all of this.
The ICO seems to be taking a fair approach to compliance, provided you make an effort to comply in some form. They seem quite sympathetic in their enforcing of these new guidelines. Add a cookies page to your site, make it navigable from a homepage, or ideally throughout the site and it appears you should be compliant; provided you’re not doing anything untoward with the data you’re obtaining.
Ignore the Privacy and Electronic Communications Regulations and you could end up worse off than if you made a few simple changes to your site. When challenged by Econsultancy on the outcome of a site ignoring the regulations, ICO’s Dave Evans concluded “Waiting for that letter from the ICO is not a good idea. The solution we agree with you may not be as good as one you could have volunteered yourself.”
Find out more about cookies, read the full interview between Dave Evans and Econsultancy or delve into the details of directive on the ICO website.
About the author
Sam Weston is an internet marketing consultant based in Edinburgh and technical partner of Smart Tourism.