When the European “Cookie law” first reared its head in 2009 the web suddenly became littered with attention grabbing notices about cookie use. Whether we were concerned about cookie use or not user experience became punctuated with pop-up messages humbly informing us about these small data files being stored on our hard drives.
Whilst many sites still display these notices, many chose not to (and others chose to mock the whole ordeal). With no sign of the law being enforced many site owners assumed the issue had gone away.
Fast forward to summer 2015 and the cookie pop-ups are coming back. Sites that previously laughed at the law are now proudly popping up their notices. Even websites run from outside the EU are now confounding their visitors with talk of cookies. Interest in Cookie policies hasn’t just re-surfaced, but has spiked. Why the sudden interest?
There’s a new sheriff in town
The EU has now drafted in help from one of the few organisations that most website owners are guaranteed to pay attention to: Google.
There is no official line on whether this unexpected collaboration came from Google’s desire to respect the data choices of EU citizens or as a result of being kicked around the EU courts like a cheap football. Whatever the background, Google are now making clear recommendations about cookie and data sharing notices, and threatening to enforce them.
It seems that the EU have told Google to do more to ensure that users give consent for cookie use and data sharing that happens in relation to Google products. As those products are used on other people’s websites it comes down to the website owner to ensure that permission is granted by the user.
What websites need to act?
To date notices have only been sent to websites that use Google’s monetisation products; AdSense, DFP and AdX. All sites serving any of those products to users in the EU are expected to be compliant with the new EU user consent policy by September 30th 2015.
Google specifically state that this applies to websites with users in the EU. Sites run from outside the EU but serve visitors who are in the member states also need to comply. If that sounds like the EU overstepping its boundaries, remember that this is now Google policy not just EU law.
If that leaves you breathing a sigh of relief because you don’t run AdSense, you might want to hold on to that breath just a little longer.
Users love pop-ups (apparently)!!
The EU seems to be convinced that users hate cookies and love pop-ups and other “in your face” alerts. Site owners worried about the impact of cookie alerts on conversion rate are generally less convinced and concern is focused on what impact cookie alerts have on user experience. Whilst opinions are likely to vary from one member state to the next, data seems to suggest that UK users at least find the alerts more annoying than the cookies they are warning about.
Source: Are cookie notices the cure that is worse than the disease?
What action needs to be taken?
The actual steps that need to be taken to comply with the new policy seem quite straight forward. Quite how it will be interpreted and enforced is yet to become clear, but it boils down to three points.
- Alert EU users if non-essential cookies are being used or if data is being shared with third parties
- Provide a means to read more information (probably including a link to Google’s “How we use data” page )
- Have take some affirmative action (such as click) to remove the message
For those looking for a quick fix check out “The easiest solution ever to the AdSense cookie requirements”
The thin end of a very big wedge?
Whilst the September 30th deadline applies to sites using Google’s monetisation products, there are hints that this might not be the end. Google’s Cookie Choices resource also references Google Analytics.
Google Analytics also uses cookies and requires the sharing of data, raising the question of whether the estimated 30 million websites using Google Analytics will be the next to be forced to show alerts.
It might be tempting to think that the answer is to stop using Google products (which would undoubtedly please some voices in the EU), but this is not just a Google issue. If the EU are successful in forcing site owners to comply by having Google police them, then the logical step is to expect the same from other service providers.
Whether you love or love cookie alerts, it seems that we are all going to be seeing a lot more of them in the near future.
