No Cookies for Me Thanks
By: Richard Beaumont | Tuesday, August 30, 2011 | Tagged: Cookie Law
What are you going to do when visitors don't give their consent?
This question is probably one of the biggest elephants in the cookie law room that no one wants to talk about, but in many respects it is the most important element of any cookie law compliance strategy.
In this article, I will look at the key choices website owners will be faced with in tackling this question.
No Consent, No Cookies
Despite what some commentators would have you believe, the legislation is pretty clear.
If a visitor has requested a service from your website, and providing that service requires you to set a cookie, as long as the purpose of that cookie is solely to provide that service, you need no further consent to set it.
In all other cases, which are the vast majority, you need to gain consent to set cookies. If you don't have it, and go ahead and set cookies anyway, you are not complying and therefore at risk of enforcement action being taken against you.
So the first thing you will most likely want to do when someone arrives at your site is find out if they have given their consent.
However, if there has been no consent then you can't really know anything about them, and you have to treat them like a first time visitor. As every marketer will tell you, turning these into regular visitors is one of the most important goals of most websites.
So the question of what to do when your visitors have not given their consent is much like the question of what you do to turn first time visitors into repeat visitors.
In this article we look at 4 ways in which websites can react to not having consent for cookies, and try to obtain that consent. Whilst we believe that all of these approaches would be compliant with the cookie legislation, they are of course largely untested from both a legal point of view as well as their effectiveness.
Although there are many types of cookies, our examples focus on approaches to obtain consent for tracking cookies. This is not because tracking cookies are inherently different from any others from a technical point of view, but because they are the main reason why people might withhold consent.
Tracking cookies also, from the visitor's point of view, rarely deliver any extra functionality or value in their own right, but they are of great benefit to website owners, and therefore there are good reasons why a site owner might consider specific techniques for obtaining consent for them.
No Cookies, No Website
Perhaps the most extreme approach is to deny all access to any functionality or content on your site, unless consent is given.
For the vast majority of people, this won't make any sense, but for some websites, especially those driven entirely by advertising or affiliate marketing revenue, it is viable. The theory here is that, if these sites can't track a visitor, then that person isn't worth anything to the business, and is just eating up server bandwidth. So unless visitors are prepared to accept cookies so they can be tracked, they might as well not be let in to the site.
Did I say it was extreme? For this kind of strategy to work, you need to be confident that most visitors will give their consent when faced with such a choice - or your business will fall off a cliff.
It therefore means that it can only really work for the strongest brands or must-visit destination sites, where the motivation to visit outweighs the inevitable negative impact of the request message and extra click that visitors will be forced to go through to get to your content.
If you think the majority of your visitors will go through that additional step, and the cost of the lost visitors is less than the benefit of being able to fully track the remaining ones - then this could well be the solution for your site.
Carry On Surfing
Most sites will probably end up at the other end of the spectrum to the above scenario. They will ask people if they can set cookies, but if people decline, will enable them to keep using the site anyway, with minimal disruption to the user experience.
We have taken this approach with our site, as has the ICO, the UK's cookie regulator. Many of the negative commentators have used the example of the ICO website, and its much-publicised 90% drop in visitor statistics, to beat the drum of opposition to the cookie law. They make the argument that it is pointless to ask for consent, because so few people will give it when there is no advantage to them to do so - they can still use the website.
However, this argument misses the point. The vast majority of websites serve a purpose that remains valuable, even if you can't track visitors.
The ability to track them is more of a bonus as it helps you to understand their needs better. Since everyone has got used to the free services of Google Analytics, it has come to be seen as an almost universal right to be able to track your website visitors.
Whilst it is true that data has become the life blood of modern marketing, and digital marketing in particular, having a website still has value without it. It's just that the value becomes slightly harder to quantify (though not impossible).
Return of the Entry Page
Those of us who have been around for a few years will remember when it seemed like every website had an entry page you had to click through to get to the actual content.
Back then, the purpose of that entry page was usually to display some kind of Flash animation. When it was all new to web visitors, just having an animated entry page often provided enough of a 'wow' factor to provide visitors with a reason to click through to the main content.
I'm not suggesting the return of those pages exactly, but it may make sense for some sites to present a cookie-free landing page that provides enough content and inducement to visitors to give consent, after which access to the rest of the site is opened up, and/or once consent has been given that cookie-free landing page is skipped over for future visits.
Pay to Play
Another variation on this idea is to allow access to most of the site, but where there is content or functionality that delivers some real extra value to the visitor, use access to this as an incentive for the visitor to provide their consent. The message here being - "If you want to use our widget, please pay by allowing us to track you."
The cookie legislation has primarily been designed to redress the balance between business and consumers in terms of 'free' services and content, and the data collection that is going on which pays for it all. This approach gives visitors a direct choice between balancing their privacy wishes with their desire or need for free information and services.
By becoming compliant with the law, website owners are effectively going to have to decide how engaged they think their visitors are going to be - and how much they trust the brand.
The more they trust the brand, the less risky it is going to be to interrupt their browsing to ask for consent. Each of the approaches we have talked about here will suit sites all along that trust spectrum.
I am sure there will be other ideas people will have, and we would be interested to hear from anyone willing to share them.
I am also convinced that the question any website owner needs to ask themselves when considering their consent options is: How much do my visitors really trust me?