Cookies and EU regulation – what you need to know

Introduced in 2012, the EU’s regulations for the use of cookies on websites have been somewhat controversial. For those who are unsure, cookies are small pieces of personal data created and stored on a user’s machine when they visit a website. They are used for everything from maintaining a user’s website login session, through to gathering information on how a visitor navigates a site, even tracking someone’s online habits for use in advertising. And these EU guidelines are designed to control this use in an attempt to give people power over how their personal information is stored and used.

Interruption of user experience

The initial solution to this was to require every website to request permission from every visitor before setting cookies. There were a few problems with this however, chief being the interruption of the user experience with cookie information on every website visited, the most prevalent implementation being an in-page popup.

The initial requirements of the guidelines were that users gave permission to set cookies, but soon many users became ‘banner blind’ to these popups and sites being unable to function correctly. Luckily, this was eventually softened to just informing users which cookies were being set, allowing sites to function correctly when a user didn’t click their assent. However, this means cookies are still set without consent and that the user experience is still being interrupted by the popups – not an ideal situation.

Who should be responsible?

In reaction to this, the European Commission has concluded that the existing regulations have failed to reach their objectives and has created a challenging and costly implementation for businesses.The latest plans are designed to address this by moving responsibility for cookies consent away from the website to the web browser or mobile app it is being viewed on. The advantage? Removing the requirement for cookie popups on websites as depending on implementation the visited site could instead look at the preferences set in the user’s web browser to decide which cookies to set. Certain types of cookies could even be blocked automatically by the browser itself, if the correct settings were in place.

One size doesn’t fit all

There are some issues with this approach. It is very much a one-size fits all solution and may still prevent some sites from functioning correctly, especially if users don’t fully understand what they are blocking/disabling. It can also be difficult to tell the purpose of a cookie being set as there is little to tell an ‘advertising’ cookie from a login cookie or website analytics cookie, beyond the eventual usage of the data. It’s this inability to tell the difference that also has potential to impact the user experience of a website, especially if the blocking of cookies is done by the browser instead of selective setting of cookies by the website. There is also the possibility every app will require cookie settings to be configured on installation, leading to a similar interruption in user experience as the one currently impacting websites.

Overall, the idea of regulating the storage and dissemination of personal data gathered by cookies is a good one, but the wide variety of their usage and the inability to differentiate between this makes it near impossible to put into practice. Until there is a way to tell a ‘login’ cookie from an ‘advertising’ cookie, the only fool-proof approach is to either block or allow all cookies via a setting in the browser. Leaving the implementation of this to the websites themselves, especially is a way that isn’t visible to the end user as the new proposals suggest, can only harm those sites that comply while giving an advantage to those that don’t or aren’t required to such as non-EU sites not covered by the regulations.

Arrange a .conversation

Find out how OneAgency can help market your business by calling us on 01603 252555 or fill in a contact form here.