Most websites have yet to show any intention of complying with the EU’s new online privacy law, the so-called “cookie directive”. With six months to go until regulators start handing out punishments, it is time to make a new year’s resolution to show what you are doing.
Since May 2011, websites have been required by law to seek web users’ consent before placing cookies on internet browsers to track the sites they visit. But in the UK the Information Commissioner’s Office (ICO) was lenient enough to give a 12-month grace period so companies could work out how to do it, before the regulator starts enforcing the law with sanctions.
Now, though, it seems the ICO is getting irked by the lack of progress. Like an impatient schoolteacher, information commissioner Christopher Graham last week issued his half-term report on efforts at compliance. The advice: “must do better”.
In a blog on the ICO website, he writes: “People have not been slow to express their alarm at what this new rule means but they have been slow to demonstrate what they are doing to comply.”
Indeed, the silence on this subject reverberates around the online industry. Few digital marketers or professionals in other relevant fields seem to be speaking with any confidence about what they plan to do. And those that have indicated progress remain secretive about what it looks like.
At Marketing Week’s 1-2-1 Data-Driven Marketing Summit in November, Tesco Bank head of customer analytics John Halpin said that 90% of Tesco’s sites are not yet compliant, but that this is because the technology Tesco is working on has not yet been rolled out onto them. So Tesco is doing something, it is just not saying what. It is not clear how many companies have even got this far, though.
There seems to be little commercial advantage gained in keeping such plans under wraps. It is one area in which a “public beta”, where development continues after launch, would surely be a good thing, so the ICO can affirm that the solution is along the right lines. Leading lights like, presumably, Tesco ought to be showing the way rather than hiding under a bushel.
The ICO itself deserves similar chiding, though. On his blog post, Graham tucks away all the practical pointers as to how compliance might be achieved in a 27-page PDF of official advice, written in a garbled pidjin language of legalese mixed with tech-speak.
Though he notes that some companies have shown progress with innovative and impressive approaches, he declines to give specific case studies. And that is despite pointing out how much more useful these would be than a speculative step-by-step explanation of what you could do. Would it really be more onerous to link to simple online examples than to draft and redraft unreadable documents?
The business world’s reluctance to roll out their solutions to the cookie problem is mostly down to their uncertainty about what they need to do. So Graham gets a C-minus for clarity and practicality.
But none of this changes the fact that websites not adhering to the law will be vulnerable to fines of up to £500,000 from May. And even before that, the ICO says it will expect companies to have a compliance plan in place, in case the information commissioner receives a specific complaint.
Whether or not these laws ultimately prove to be enforceable, those who resolve to comply now are likely to avoid the unwanted attention in the new year.
In the meantime, why not take the time over the holiday to have a think about what you could enter into Marketing Week’s Engage Awards next year? This column will be back on 10th January, so until then have a very merry Christmas.