Implied Consent is Bad for Visitors
Since the latest guidance on complying with the cookie law in the UK was published by the ICO in December there has been a lot of talk about ‘implied consent’.
We touched on this issue in a blog post at the time, but since then there have been quite a few people latching on to and promoting this idea in the belief that it enables less change to be made to a site and a less intrusive user experience.
However we believe that in practice the opposite is true, certainly when considering the user experience.
This sounds attractive because it means little change to the current status quo. However if you look at this idea more deeply, problems emerge.
The ICO makes this clear in the latest guidance:
A reliance on implied consent in any context must be based on a definite shared understanding of what is going to happen – in this situation a user has a full understanding of the fact that cookies will be set, is clear about what cookies do and signifies their agreement.
So either the notice would have to overlay all links, which effectively means the whole page, or links would have to be disabled, until the visitor has given their indication that they are happy to continue – by clicking to remove the message.
The website would then set a cookie to record that the visitor had seen the message, so that subsequent page views would not show it again.
This is fundamentally the same effective user experience as an opt-in consent approach, with one significant difference: it is much more immediately intrusive on the web experience. As a result of which it is consequently likely to lose a site many more visitors. Even if they can be all tracked, the site has just lost massive value.
The alternative, opt-in model is like this:
A user lands on a page and is presented with a cookie-less experience. Depending on how much reliance on cookies the page has, it might look almost exactly the same as a with-cookies experience.
Somewhere on the page is a notice about cookies, and a request for consent. It could be prominent or discrete, depending on the site. If the user gives consent – then with-cookies content can be loaded in. If not then the user browses, but as soon as they try to interact with cookie reliant content, they can be reminded of the need to consent so it can be switched on.
This is a much less user-intrusive approach to gaining consent, and therefore a better visitor experience – which is what ultimately everybody is looking to achieve.
This works well for the user as it gives them a least-possible disruption experience by default, rather than the forced-maximum disruption required in order to be sure that consent can be reliably implied. Even though it becomes more difficult to track each visit (not impossible), the site still retains the majority of visits, and therefore its actual value.
The question then becomes clear: Would you rather have more visitors you can’t track as accurately, or many fewer that you can?
January 13, 2017
Future of EU Cookie Compliance Webinar: ...
GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...View Article →
December 14, 2016
Draft EU ePrivacy Regulation Leaked...
A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...View Article →
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...
Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...View Article →