With the deadline to comply with the EU e-Privacy directive only a few weeks away (26 May), the confusion amongst marketers doesn't look to be dissipating at all. In fact, in a recent study by Econsultancy, 61% of marketers said they still don't understand the options for gaining user consent.
The lack of understanding is adding to the confusion and panic around the approaching deadline. However, if brands take things back to basics, they will see that there are actually just two main approaches to consider here - automatic opt-out (auto opt-out) and automatic opt-in (auto opt-in).
An auto opt-out approach essentially means that you don't use cookies without explicit consent from consumers. Tanqueray.com and the ICO itself have adopted this approach, asking all visitors for their consent when they land on the site.
A clear approach that enables consumers to opt-in upfront is perhaps the most logical route for brands to take. However, as the ICO site saw its traffic drop 90% when it first introduced the opt-in banner, it is sensible for brands to also consider an auto opt-in approach.
An auto opt-in approach means that whilst consumers are given the tools to opt out of having a cookie placed on their machine, they are automatically tracked from the moment they hit your site.
BT.com follows this approach. When a consumer lands on the BT site a pop-up appears, providing them with information on cookies, what they are, what they are used for and how they can opt-out if they wish. In a similar, but less proactive way, Johnlewis.com has updated its privacy policy and cookie notice for consumers and introduced clearer sign-posting on its site about where consumers can find this information as well as explaining how they can opt-out.
Both an automatic opt-in and opt-out approach are viable options. The question brands should be asking themselves is 'Am I providing my customers with the opportunity to provide their consent?'
Of course, if you operate internationally, you will also need to understand how your approach will play out when the directive is enforced in new countries. The UK is leading in introducing the cookie law but all 27 member states of the EU are planning implementation of their own laws. The US Congress is also looking at introducing a similar e-Privacy directive. From a legal perspective, brands should start by adhering to the UK law and then take market specific legal guidance as the directive is introduced as law into each new market.
In focusing on complying with the UK law, don't focus on the financial punishment for missing the deadline. The ICO is unlikely to administer the maximum fine of £500,000 to just anyone. In fact, whilst the ICO may seem to have been harsh in its handling of the directive's introduction and enforcement so far, it has provided a more flexible non-prescriptive approach for UK websites than its counterparts in the EU look set to offer.
As a UK brand, embrace the flexibility on offer to find an approach that enables your customers to easily provide their consent. Get it right in the UK and no matter what territory you expand into you will be on (and stay on) the front foot.