There was a certain sense of déjà vu earlier this year, at least for those of us old enough to remember Y2K – and I hope at least some of you are! All that fuss about cookies and privacy, the doom-mongering (OK, I’ll put my hand up to some of that), and then… nothing. Well, almost nothing anyway. Last-minute guidance changes suggesting that it wasn’t going to be that big a deal after all.
It was all rather reminiscent of the morning of 1st January 2000. Apart from the worse-than-usual hangovers, there were no power cuts, no planes falling from the sky, no sign at all of the predicted apocalypse – not even a bit of mild chaos.
Of course, the outsiders’ view of Y2K was that it had all been a waste of time, since they were largely unaware of the amount of effort that had gone into making sure that precisely nothing happened. Similarly, after years and months of build-up, the May deadline for the ‘cookie law’ has been and gone, and at least superficially it seems not much has changed. The internet certainly hasn’t ground to a halt and, while most of us will have noticed some changes, it hasn’t exactly been revolutionary stuff.
But where this differs from Y2K is that it isn’t a one-off event and, in many ways, we’re only at the thin end of the wedge. Privacy concerns are not going away and, as the world shrinks and our interactions become more and more joined-up, consumers are going to become more aware of the value of their information. This is especially true of younger demographics – while they may be happy to live their lives online without much concern for privacy now, as they get older they will become more privacy-conscious.
A lot of websites played the waiting game when it came to the cookie guidelines. No-one wanted to jump first, and many waited to see what their competitors did before following suit. Although we’re now seeing more cookie warning notices popping up when visiting websites, a large number of sites are still not fully compliant.
The ICO has recently announced that they have started setting compliance deadlines for some organisations. It remains to be seen what effect this will have, but many commentators were convinced that nothing would ever actually be done by the ICO to enforce the guidelines. This was always an optimistic view at best, so instead of breathing a sigh of relief and going back to our day jobs, we should be making sure that we think about privacy and cookies in almost everything we do.
Businesses who have not yet complied with the ICO’s guidelines should now be thinking seriously about it; otherwise they could be facing meeting similar compliance deadlines from the ICO. They need to decide what method they are going to use in order to gain consent for users – the method and perhaps even the definition of consent will vary from business to business.
The most common option is a warning bar/header, which appears upon first visiting the website explaining cookies and (sometimes) offering an opt-out. The key with cookie consent is to remember that the ultimate aim is to get visitors to accept cookies and maximise opt-in, so it needs to be done in the most painless way possible.
The truth is that most visitors either don’t understand or don’t really care about cookies. Therefore, businesses are having to educate visitors about what the cookies will be used for. Many visitors are wary about the amount of information that websites collect on each individual visitor. Privacy is becoming more important on everyone’s personal agenda.
We will have to wait and see what action the ICO takes against those it has issued deadlines for and whether or not they start tracking down more non-compliant websites. My advice is make sure you’re not one of them!