Monday, 17 October 2011

The Cookie Conundrum


At the recent Westminster eForum event (see previous), there was a visible reminder of the disparity between what industry players are hoping the situation is (or will be) and what the reality actually turns out to be. This is a dangerous situation, and as Chris Graham cheerfully commented, "there's going to be a smash".

The reality is, as Mr Graham reminded us, that there is a law, now active in the UK, which requires websites to give notice to users about what cookies they will encounter and to allow users the opportunity to decline any that aren't essential to providing the service. Whether or not the website elects to provide the service to non-cookie-accepting users is up to them. The IAB Ad Choices initiative with which I've been closely involved is a nice solution... unfortunately not to this problem. :(

A notice-and-decline mechanism is conceptually easy enough to set up - however, it does mean EVERY website including some kind of pop-up, bubble, banner or gateway page to provide it. That's a lot of effort and industry expense. It also glosses over the complex area of the various players dropping cookies. Explaining the complex web of relationships involved in retargeting, behavioural targeting, and inter-company cookie-syncing to a user would be hard enough, but it requires the industry to be clear on it first - which it isn't, frankly. The language of the guidance, including A29WP's "clarification", is not explicit enough on how to cope with the cookies of not just third parties but 'fourth parties' and so on (i.e. third parties involved in the chain by the action of another third party higher up the chain).

Even the law firm currently advising companies on how to comply with the law is a little woolly: if operating purely in the UK, audit and document the cookies used, then refresh the site's privacy policy. Also, wait for a browser-based solution. If you're working across the EU... then it's a complex nightmare.

There seems to be an awful lot hanging on some kind of browser-based solution. However, there is no stated roadmap for this beyond some kind of update from DCMS on their discussions with browser manufacturers, due in March 2012.

The obvious conflict in what has gone on so far is that the ICO's view covers the UK alone, while industry cares about the situation across Europe. Developing solutions for the UK which may not work for the Netherlands, Germany etc. would be a waste, and the prospect of the EU rethinking the whole situation if the implementation of its directive ends up being a fragmented mess is clearly tempting, as it could mean getting off scot-free.

Next post - how it's possible to solve the riddle (but it's not a free lunch).
