EU Cookie Directive – Why it might not be so bad
Oh great, another article about tracking and cookies. Well, yes, and I have frankly heard the arguments enough over the last few months, too. But why would anyone want to implement a law against cookies, and why might it be a good thing? Is it really all about behavioural advertising?
Wandering around the supermarket
Imagine, if you will, wandering around your local Tesco or Sainsbury’s and every time you stopped to look at something on the shelf a little bit of data was stored that recorded what you had looked at, and referenced that against your Clubcard or your Nectar Card. Perhaps the card has a small chip inside that the supermarket tracks around the store, so they can tell what aisles you have walked down, where you stop, what direction you are facing when you stop and so on. Pretty much every behaviour you have in-store, recorded and logged against your personal Clubcard or Nectar Card account.
Now I’m not suggesting that either supermarket goes this far in their tracking. But how would you feel if they did? Would you change your shopping habits? Would you feel more drawn to supermarkets that don’t have such loyalty cards? Would you stop using your loyalty card, perhaps simply leaving it at home? Or would you be happy with Tesco or Sainsbury’s knowing what products you have looked at but not bought, what magazines you had picked off the shelf to browse through, what medicines you had looked at?
These loyalty card schemes already track what you actually buy. Tesco and Sainsbury can target their direct mail advertising to you based on your buying habits. Those money off vouchers that arrive in the post are not random – that is behavioural advertising.
You may be comfortable with that, and that’s fine. In the confines of a supermarket’s stock range, there isn’t a huge amount to be embarrassed about buying. But what if this data were to be shared to other advertisers, or what if other buying data from elsewhere were linked to your Clubcard or Nectar Card account? In fact that is already the case for the Nectar card, as you can use this across different outlets, including online only outlets like Amazon, eBay, and Expedia. So in reality, you can give Sainsbury’s access to your online buying habits at these stores.
Data about your buying and shopping habits is already rife within business and influences marketing that you receive. I’m willing to bet very few Nectar points collectors have ever considered what data Sainsbury’s might hold about them.
Of course, there is a trade-off. Earn Nectar points, spend them on travel, food, electronics or groceries. Sainsbury’s, and the other participating businesses, are buying your data from you.
Wandering around online
Online, websites track users through websites, often (but not always) using cookies. The purpose of the cookies might vary – they are used to ensure that a website remembers that you have logged-in, or that you have added something to your shopping cart, and these functions would not work at all well without cookies. In short, cookies are primarily used so that a website knows that you are the same person that just viewed a different page on the site a few seconds ago.
Cookies can also be used to store data about you, such as a password, but this is so insecure that it generally isn’t done, and certainly not by reputable and security conscious businesses, although they are much more likely to set a cookie to say that you have logged in, and to keep you logged in persistently (i.e. for much longer than just this visit – Facebook is an obvious utiliser of this policy).
Cookies are not loyalty cards
Cookies themselves are not equivalent to Nectar Cards and Clubcards. Cookies generally do not know who YOU are. They don’t know your address, or how many kids you have. They just link up data about you.
However, what cookies do is enable sites to link the bits of data they do have about you together, if you enable this. Log into a shopping site with Facebook, and it is likely you are giving that shop data about what you like, who your favourite music acts are, what TV shows you like and so on.
Some cookies are set and travel with you across different websites enabling tracking services for ad networks such as Double Click and Specific Media to know what kinds of websites you look at. Not just what you buy. Not just what you choose to give data to, but what you simply look at.
But who is being tracked?
Furthermore, they’re not tracking you. They’re tracking the website browser you use. What if you share your computer with someone else? Deleting cookies when you are done doesn’t always help. Some advertising networks have chosen to create cookies that are virtually undeleteable – often called zombie cookies, as they seem to rise from the dead and recreate themselves.
What if you share a PC with your kids, but in the evening, when they have gone to bed, you like to watch horror films or violent thrillers through an online film subscription service. What if you participate in forums that are about, say, tattoos and body art that by definition may contain nudity, even though it isn’t of a sexual nature. Heck, what if you actually do watch porn in your own free time? All the while, you might be being tracked by ad servers that might choose to serve ads based on your browsing history.
Horror, or Messi?
Now clearly, the ad networks that show ads on the Disney Channel website will be filtering out inappropriate ads for your kids, but what about news sites, forums, social media, video sharing sites, games sites and so on? Can you be sure that ad network X that knows you like horror films doesn’t trigger a horror film pre-roll trailer on a video site that your kids are using to watch that great Lionel Messi goal from the other week?
This is the kind of thinking that has driven the EU Cookie Directive, and in those terms it might seem quite sensible.
In fact, I’d go so far as to say that most people are uncomfortable with the idea of their behaviour being tracked, even if it didn’t put their kids at risk of seeing blood or boobs.
It’s like 10,000 spoons, only actually ironic
There was a veritable uproar on Twitter at the beginning of April, when news broke that there were plans to allow GCHQ access to emails and social media in real time. Many of those posting sarcastic “#telldaveeverything” tweets were people in the digital marketing industry (see this, for example). Many of those same people are up in arms about the EU Cookie Directive, or the fact the Google no longer passes all keyword data through to Analytics. I’ll have my irony with chips, thank you :-).
The point is that we are in the midst of the biggest shake up of liberty in Western Europe, perhaps since the French revolution. This unchartered libertarian ground is terrifying those who might control our data. The legal ramifications might be dramatic. That is why even Bing will leap to Google’s defence about the ‘not provided’ issue (see around about the 36 minute mark).
As individuals, we want to be free to do what we want to do, look at what we want to look at, and listen to what we want to listen to, unimpeded by those in power. We are uncomfortable with CCTV, although we see a crime fighting benefit. We are terrified of identity theft. We are concerned about what inappropriate materials our kids might have access to.
But as businesses, we strive for more data about our customers – we want to know what they like, what they don’t and what makes them want to buy.
Cookies enable us to track users and give us that data, but users are understandably uncomfortable with the idea of being tracked.
It is now less than one month until the end of the twelve month period that the ICO has given UK businesses to comply the EU Cookie Directive, which came into force of 25th May 2011.
Realistically, if you comply with the letter of the legislation, how many of your customers do you anticipate happily opting in to being tracked? I don’t expect it will be many.
Perhaps there is a lesson to learn from the Clubcard and Nectar points – as a marketing industry we have to give Internet users something back as a reward for opting in.
What the Internet is really for
And on that note, as a reward for reading this far, here’s Avenue Q explaining why some people might not be so keen on being tracked.