EU and Microsoft struggle to keep users under wraps

Wednesday 18 July 2012 16.12
The cookie row continues
The cookie row continues

Last month the de facto grace period for websites to comply with the EU e-privacy directive passed with little fanfare.

Under the terms of the directive websites using cookies - small pieces of data that get logged in your Web browser - are required to notify users of their presence and that the user has the option to allow or deny them. If you don't want an online store to track your purchase history; e-mail service to remember your password; favourite website to log how many times you visit; or search engine of choice to keep track what you're looking for, you have that right.

Actually, you've had that right for 10 years but as behavioural marketing becomes the model whereby Google and Facebook target ads at its users, the importance of being able to opt out of this kind of monitoring, and making it easy to do so, is becoming a key issue. Unfortunately there are two diametrically opposed ideas on how this should be done without destroying the EU's metric-obsessed digital economy.

At the centre of the debate are the questions of how and where cookies are to be managed, an eternal trade-off between the EU's obligations to protect the population, commercial concerns of advertisers and the role of Web designers and software developers in reconciling both positions. Like any piece of technology cookies are value-free, serve many purposes, and are often central to making websites easy to use. E-commerce website like Amazon, for example, rely on cookies to make sure virtual shopping carts don't drop items as you navigate from page to page.

Cookies can also be used over longer periods of time to record your viewing history and deliver personalised recommendations, either within websites or nested in search results. Remember that album you bought in 2006? Well guess what, that same band from way back then has just released a new record and Google is fairly sure you'll love it as well. Is that a convenience or an invasion of privacy? Google would say it's the former but the EU says the latter, arguing that most people don't know such data is being collected.

So how do you reconcile the consumers' right to choose with the commercial realities of the Internet? And who should be responsible for protecting people that otherwise would have no clue as to what a cookie is in the first place and could curtail their online activities severely if they found out. Not so much Big Brother as Digital Don Draper is watching you.

Protect and serve

According to the EU, protecting and educating the public is a matter for websites to deal with. Industry bodies like the Worldwide Web Consortium (W3C), whose membership includes online advertisers, argue individuals are responsible for their own education and that sufficient measures exist in the current generation of Web browsers to block tracking cookies. But there may be a compromise at hand.

In recent weeks a third actor has entered the fray that could be an unexpected ally for the EU: Microsoft. The forthcoming Internet Explorer 10 has attracted the ire of W3C over its default 'do not track' setting - opting its users out of all marketing activities. Naturally, W3C finds this unacceptable and want a default opt-in, and it does have some commercial leverage in the matter should advertisers decide not to support the Bing search engine in favour of Google. A compromise measure of presenting the user with an option to enable 'do not track' on first opening the browser has also been rejected. Does W3C think ignorance is bliss? The evidence would indicate so.

In Ireland and the UK the situation is a lot less clear cut. Despite 92% of all websites using cookies, while estimated 95% have not complied with the EU directive, a shortcut has been found in the argument of 'implied consent' which puts the onus on the user to look after themselves - as per W3C's stance - in the interests of promoting the digital economy and preserving the user experience. A happy user is more likely to support your business and if they're happy with your service they won't mind giving up a little information about themselves - sort of like the kind of banter you would get from a helpful shop assistant on the high street.

Even if Microsoft loses the fight for user privacy with IE10 websites will have to deal with a more informed public. Offering an explicit right to choose whether to be tracked or not is hardly palatable, but if advertisers are to strike a balance between delivering a service to consumers and clients then introducing policies that acknowledge both sets of concerns has to happen. Ignorance is not bliss; it's a facilitator for cheap market research. Something to think about the next time you click the 'x' to bypass a cookie notice.

Niall Kitson is editor of TechCentral.ie www.techcentral.ie