Yesterday I was at the AOP discussing the EU Cookie Legislation. Here are my thoughts on the day’s events:
The Information Commissioner (ICO) has set May 26th as the deadline for UK Websites to demonstrate their intention to comply with the new EU Privacy Directive. Those of you who read the 4Ps Blog may have already seen some of our earlier posts on the topic or indeed some of the discussion on my initial views on how websites may comply on the eConsultancy blog.
It was this blog post which led me to receive an invitation to present and be on a panel at the AOP Forum – Preparing for the EU Privacy Directive, held on the 18th April at the Blue Finn building, Southwark, London. I was in the first sets of Presentation / Panel with my presentation being focused on various mechanisms that people may use in compliance, touch on some of the grey areas and mention some of the exemptions. I then took part in a Panel where I was joined by David Smith – Deputy Commissioner of the ICO, Damian Scragg – MD of Evidon, and Clive Grinyer – Head of User Experience at Cisco.
The presentations from those in my group were excellent. David gave an insightful overview into Data Protection as a whole, the legislation and encouraged people to be more aware of the decisions being made at Brussells – an excellent point and one that is often easily overlooked. Damian discussed the importance of continually auditing sites and ensuring the publishers and site owners alike understand what information is being stored and ensuring a strategy is put in place to gain user consent for storing this information before I gave my presentation showing what I consider to be three ways of positioning consent, being:
- Header / Footer Banner (this may be as implied or explicit)
- Modal Dialog (forced explicit)
- Corner Pop Up / Rollover (this may be as implied or explicit)
My final closing statement was whatever mechanism people used, they should involve and engage their users so:
1. when the change does happen they are aware and
2. if users are engaged they are more likely to interact in a positive way
As you would expect at such an event, our panel comprised with questions mainly aimed at David (being Deputy Commissioner) however the point of engaging and involving users was shared with both Damian and Clive and I think the panel all agreed that the process is a continual one, new technologies always come to fruition meaning audits should be carried out regularly, regulation may change in the future and user experience should be at the forefront of site owners.
Session number two started with a presentation by Theo Bertram, Head of UK Policy at Google before he joined a panel with Tim Gentry – Head of Optimisation & Effectiveness of The Guardian, Simon Morrissey – Partner, Media, Brands & Technology at Lewis Silkin and Danilo Labovic – Managing Director EMEA of TRUSTe. Despite being more policy and focused at what strategic decisions publishers should make in the implementation they chose and how they worked with advertisers and intermediate site owners the same key theme emerged – user experience. Theo also reiterated May 26th is the start, not the end carrying forward the view from Panel 1 that this process is one of evolution.
So what would be my take aways from today:
1. User Experience and Engagement is paramount. If you have not already done so you should be making users aware of changes you plan to make to your website on May 26th.
2. May 26th is not a deadline, it is the start where you can demonstrate you understand and value your users privacy and have a roadmap for compliance.
3. Technology will change and evolve and we should expect legislation to do so to. This means audits and continual revaluation of policy and strategy is key.
4. Compliance does not need to be explicit, implied consent is acceptable provided it is clear to the user how and what they are opting in to.