As you may or may not have heard recently, ICO, the Information Commissioner’s Office, were all set to enforce a EU cookie law on the 26th May, but a last minute decision was made to defer this for 12 months after a number of concerns were raised.
If you work with any websites and are familiar with cookies then you may understand the issues that may arise when trying to gain consent to store cookies on visitor’s computers – which is what the EU law was trying to bring in to play:
(2) The requirements are that the subscriber or user of that terminal equipment –
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information;
(b) is given the opportunity to refuse the storage of or access to that information
As an agency that both develops and optimises websites, we were concerned about the cookie regulations as no clear guidelines had been set about how they expected people to gain consent (even if it is going to be a challenge for them to enforce it). Thankfully, the (wise) decision to defer this ruling for 12 months means that web browsers, among others, now have time to work on a sensible solution for adhering to these new regulations.
With the above said, however, we’ve still been thinking of ways that cookie consent could be gained from users visiting websites that we work with.
Potential Examples of Implementation
One of the biggest potential issues with the cookie law is that obtaining permission from users to store cookies could come across as being intrusive. If, for example, somebody who isn’t too familiar with the internet and general web practises, then a lightbox message (or similar) asking whether the website they are visiting are free to store information could be instantly countered with a firm “no”.
The ICO website itself implemented a rather last minute looking solution that can be seen when visiting their website (found at the top of the page), which is quite frankly a bit rubbish. To gain consent from users, however, there are some creative ways which we could potentially go about it – some of which have been explored below.
When visiting some age-sensitive websites (no, not porn) such as alcohol related ones, there is often an age verification that takes place prior to allowing access to the website.
Coupling the request to store cookies with a solution like this would provide a much less intrusive means of gaining cookie consent, as the request could be seen below the input fields for the age.
Along with a simple one line request to store cookies, a link could be provided to view the full details of what cookies will be stored and for what reason.
The advent of social media with websites such as Twitter and Facebook have led to an increase in websites asking for people to log in with their social accounts when visiting various pages on a site, and this could be another creative means of asking for cookie consent.
Although you can’t specify cookie requests once the logging in process takes place, you could ask prior to a user proceeding to a social login.
(apologies for the Burberry example, I couldn’t find a better image!)
To provide a more personalised browsing experience to visiting users, social integration can be used to aggregate your friend’s activity and other social stats, and this kind of integration could be used to gain cookie consent at the same time.
For websites that are most efficient when serving location-specific content (such as the car search facility on eBay Motors), cookie consent could be gained in the initial stages when asking for the postcode (or similar).
Prior to a user being able to browse the website, a message could be displayed that explains that the best experience could be gained by first selecting a location (and agreeing to cookie access).
Obviously all of the above examples are either holding pages or lightbox implementations that are primarily used for something other than cookie consent. There may be some legal issues (?) piggybacking off features such as Facebook Connect, but I don’t see any reason why you shouldn’t be able to kill two birds with one stone (or a single click of a button, in this case).
When (if) the EU cookie law does become enforceable in the UK next year, then there is the likelihood that a browser-side solution will be common among surfing users, which would certainly save a lot of webmasters from unnecessary headaches. If there is still the need for a consent-seeking solution on websites then it is likely that large websites such as Facebook will adopt earlier than most, which may allow a bit of piggybacking to take place based on how well they implement their solution (ie. use a similar solution to Facebook as people will be familiar with theirs due to how well used it is).
To summarise the new cookie laws, a timley video has been released by the chaps at Silktide which I suggest you watch (found below):
What are your thoughts? Have you come across any good examples of websites asking for cookie consent? How do you plan on reacting to the EU regulations when they do come into force?