A Regulated Internet: Online Privacy, Analytics and the Dreaded Cookie

Posted on 15. Feb, 2012 by in Stats & Trends, Thoughts



Keep Calm and Carry On

Or: How I Learned to Stop Worrying and Love the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011!

With the introduction of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations on cookie use and user consent a mere two and bit months away, it’s no surprise that approaches to compliance are a hot topic, both in discussions with clients and around the office.  Naturally enough, the principal concern among both parties is the same: what does this mean for my analytics?

Last week, fellow bigmouth Neil Hutson shared his thoughts on “cookie-geddon”, highlighting the possibilities for alternate means of acquiring tracking data and touching on the growing belief that the law, as it currently stands in principle, will be unworkable in practice. Having recently completed both a cookie review and compliance recommendations for one of my clients, I’ve been giving the matter a lot of thought lately and, in particular, I’ve been increasingly interested in looking for comparable scenarios from which we might learn.

Is it enforceable?

As Lamar Smith, the RIAA and others might reluctantly attest, regulating the internet is far from easy. The intrinsic merits of any such efforts aside, attempts to police the incalculable number of websites that might fall under the auspices of a given law are likely to be hamstrung by an inability or unwillingness to commit the resources required to do so effectively. This, incidentally, is probably one of the main reasons why SOPA sought to make a shift from having to prosecute individual instances of copyright infringement and instead undermine the entire mechanism by which copyright can be infringed – in other words willingly throwing the baby out with the bath water:  the existing measures proved to be too much trouble even for an industry with formidable resources and lobbying power. Similarly, it strikes me that the administrative realities of enforcing the cookie law are likely to result in a far more moderate law in practice than in theory.

Stop press: As if by magic, eConsultancy has today published an interview with Foolproof’s Meriel Lenfestey in which she describes the ICO’s task as “almost impossible” and the law itself as “too onerous to be practical”.

But even setting these doubts aside, there are in my opinion reasons why the law should succeed, at least in some senses, and why website owners and SEO practitioners could continue to implement ethical means of collecting and interpreting traffic data.

Making informed choices

In my opinion, it’s quite right that the general public should be encouraged to make informed choices about the information they reveal, who they reveal it to and the uses to which it is ultimately put. As it stands, it’s my impression that most people have at best a vague idea of what cookies are, the data collection methods (ethical and otherwise) employed by websites, and online privacy and safety generally. That’s not a criticism: when you think of the rate at which the internet has developed, it’s no surprise that the degree to which it is understood among the general public lags some way behind the willingness to use it. Whether or not the new law is the best means of bringing about the changes this implies is certainly debatable, but the point remains.

A key problem in all this is that, as a culture, we often have rather inconsistent attitudes to our privacy. For example, 90% of visitors the Information Commissioner’s Office (ICO) website declined consent for cookies, presumably because they valued their privacy, or at least their notion of privacy, more than they valued whatever benefits and functionalities allowing those cookies might confer. Elsewhere, Search Engine Land reported this week on a survey which revealed a whopping 84.5% of respondents that were uncomfortable with Google’s personalised search results, partly because it entails losing a degree of privacy.

Yet on the other hand, nearly half of the UK’s population uses Facebook, willingly handing over far more information than any analytics package could ever collect – name, email address, age, geographic location, image, names of friends and acquaintances, employer, favourite products, films and music – in exchange for functionalities that are available elsewhere for a far lower cost in terms of privacy. So clearly concerns about privacy aren’t so deep rooted as some data would seem to suggest.

1984 and all that

Mobile phone tracking notice at Princesshay shopping centre

Mobile phone tracking notice at Princesshay shopping centre

Another interesting comparison is the use of mobile phone tracking in many of the UK’s shopping centres. There was a minor outpouring of indignant rage here in Exeter ­– and ultimately, and very briefly, in the national media too – when someone noticed that the city’s Princesshay shopping centre uses a system called FootPath, which relies on tracking mobile-phone signals to monitor the flow of foot traffic through the centre. No personally identifying data is collected and shopping centre owners argue, plausibly enough, that the information is invaluable for planning and management. In other words, very much like website analytics.

In the end, despite local news site This Is Devon hysterically reporting a boycott in protest at this “’big brother’ spying” (though interestingly without attributing this threat to anything more specific than “shoppers”), the story lasted all of a day and it was business as usual at Princesshay. I don’t know how many people now turn their phones off before setting foot in the complex, but I’m going to hazard a guess that few, if any, do.

Is there life after May 2012?

The point in all of this tangential waffle is that there are several very powerful forces at work here, and at the heart of it all is a lack of understanding, along with perhaps an inertial tendency to take the path of least resistance, which leads to contradictory behaviours and attitudes. My conclusion is that if the law is enforced to the letter ­– and remember that’s still a big ‘if’ – then in all likelihood people will either become more educated about online privacy and make more considered decisions about it, trading a degree of privacy for websites better optimised to their desires, or perhaps more likely the issue will lose prominence and things will return more or less to how they currently are.

Whatever the outcome, I believe it is incumbent on us – the Internet industry – to take this as an opportunity to educate the general public on what cookies are and how web analytics data are used. In order to do that, we need to be engaging and upfront about a complex and not always very exciting topic.

Tags: , , ,

  • Pingback: EU cookie law: UK government crumbles? « Christian Louca

  • Glynn Davies

    Thanks James. I absolutely agree about education, but I’m not terribly optimistic that we’ll see that happen. Though I think major players should be taking a lead on this by trying to comply with the law and by encouraging a broader understanding of the issues at the heart of it, as I say above, I fear that for now at least, we’re some way from real change.