UPDATE: we’ve posted a revised set of steps following the ICO’s guidance notes here – please read these instead.
In part one we outlined the EU Directive affecting cookies and some of the controversy and interpretations surrounding it; below we discuss the practical steps we suggest brands should take before the 25th May, drawn from our own reading and briefing notes from the IAB UK, DMA, IPA and other sources:
1: Audit your cookies and tags
The first step is the obvious one – make sure you know which cookies your site drops across all of its pages and as a result of on-page functionality being used. We suggest you review the tracking tags on site, too – always a useful housekeeping exercise and a perfect opportunity to remove any that are no longer required, and to consider a tag carrier solution to make this process easier in future.
We can assist Steak clients with this and suggest a tag carrier and attribution solution that we believe is significantly more advanced that the current market leader – and is being developed with privacy issues in mind. Please email your contact for more info.
It’s worth noting that redundant tags add to page load speeds – something Google started paying more attention to a few years ago – and slower loading pages will always impact negatively upon conversion rates.
2: Categorise your cookies and tags
As the Directive allows greater leeway for cookies that are vital for site functionality, it makes sense to categorise your cookies and treat different categories differently. We suggest adopting the DMA’s categorisation:
Useful but intrusive cookies: These cookies are useful to your organisation but are particularly intrusive from the consumer’s point of view. An example of this type would be third-party cookies which track a user’s use of the internet as they move from website to website. You will need to get consent for the use of such cookies and ensure that website visitors are fully aware of how the cookie will work in simple terms which they can understand.
3: Update Privacy Policies and Consider Site Ts and Cs
We also strongly suggest talking to in-house lawyers at this stage, but especially on the point of consent. It may be that site Terms and Conditions will become the place to request consent in the DCMS guidelines. The theory is that by using the site the visitor accepts the site Ts and Cs (a standard mechanism now) and the Ts and Cs can be amended to include giving consent as a result of using the site. That may be a change worth making sooner rather than later.
4: Monitor the Press
This will be the most important thing after the 25th May – as detailed DCMS/ICO guidelines are published and the attempts to enhance browser functionality succeed or fail, brands will need to adjust their cookie usage / site text accordingly.
We’ll add further blog posts as this develops.
UPDATE 6/5: Some government guidelines might be published before the 25th according to some sources; however how much time brands will then have to act is unclear; we still suggest following the steps above.