How do we balance consumer concerns about the collection and use of their online information while those same consumers have an insatiable appetite for digital content and services that are paid for by data-driven advertising and marketing models?
This question is never more apparent than in the challenge we face to comply with the revised European Union ePrivacy Directive by 26 May, now transposed into UK law as the amended Privacy and Electronic Communications Regulations 2011.
Ed Vaizey, the UK Communications Minister, recently described the directive as a "well-meaning regulation that will be very difficult to work in practice".
Thankfully, the UK Government has chosen a pragmatic approach, recognising that data is the "fuel" of our industry's growth. It knows that cutting it off would be short-sighted and would stall the progress of the UK's digital economy, the world's leading internet economy, according to a recent Boston Consulting Group report.
But - whether you think the law is good or bad - organisations must still comply, and the UK Government has been working in partnership with industry and browser manufacturers to deliver what it calls "an ecology of solutions".
What does this mean?
First things first, we should be very clear on what the new law does not mean as there is much misleading information.
The UK is not introducing an "opt-in" regime where consumers have to click on a pop-up to allow cookies (or other technologies) being dropped on a site. This would be out of sync with the UK's pragmatic approach and consent can be achieved in different ways.
Second, we should also be clear that this law - nicknamed the "Cookie Law" - is not just about cookies. It is about any technology used to collect and process information on a user's device. And for those taking a "server-side" approach, take care: it is still advisable to work with the new law rather than trying to circumnavigate it. This approach will only undermine those working towards compliance and developing good practice.
What should businesses do?
There are no hard and fast ways on what you should be doing to comply: your approach will depend on your activity and, despite views to the contrary, there are many examples of good practice out there for you to review and follow.
Whatever you do, document it all, because the Information Commissioner's Office - the UK data protection regulator that will enforce the new law - has been keen to stress that, in the event of a complaint, it will be looking for proof of efforts.
What is the practical impact?
All the activity around the new law prompts fundamental questions: will these changes make any difference to the average consumer's experience? Should the advertising and publishing sectors be worried about the changes that need to be made? How will it affect their businesses?
First, many consumers do not know or understand what is happening on their devices and why it is important and beneficial to them. Therefore, we need to inform those who want to know more.
We all have a part to play in educating consumers about why data is so important to the content and services that they enjoy; why it makes it better and relevant; and how they are able to control the collection and use of data. Later this year, the advertising industry will be launching a pan-European campaign to inform consumers about what the new self-regulation icon means, and what choices they can make in response.
Second, there is a broader lesson here for industry about building trust. This law is a wake-up call. It is a clear signal from policy-makers in Europe that the internet industry needs to show it can be trusted to police itself, using innovative tools and approaches that are fit for our fast-moving world.
Securing this trust - and, more importantly, the trust of consumers - will ensure that we will have the freedom to grow our businesses for the future.
MAKE SURE YOU ...
- Context is king. Consider ways to achieve informed consent in a contextual way. This will depend on what activity you are seeking to derive consent for. A way to do this is via a one-time "banner overlay" or pop-up using simple language explaining how people can control cookies or other technologies.
- Join the EU advertising self-regulation programme. If you are a third party active in behavioural advertising (including retargeting), you should be involved in the EU self-regulatory initiative. As part of this, businesses are rolling out an icon in ads linked to clear information and mechanisms of control. Publishers can also host the icon on their web pages. If you're an agency or advertiser, you should ensure your data partners are involved. If you want to know more, go to: www.youronlinechoices.eu/goodpractice.html.