even bigger test to businesses than GDPR . It's a regulation that will create a likely deficit in the customer information they collect even post-GDPR.
Current cookie banner notifications, where websites inform users of cookie collection, will make way for cookie request pop-ups that deny cookie collection until a user has opted in or out of different types of cookie collection. Such a pop-up is
expected to cause a drop in web traffic as high as 40 per cent. The good news is that it will only appear should the user not have already set their cookie preferences at browser level.
The outcome for businesses whose marketing and advertising lies predominantly online is the inevitable reduction in their ability to track, re-target and optimise experiences for their visitors.
For any business with a website and dependent on cookies, the new regulations put them at severe risk of losing this vital source of consumer data . As a result, businesses must find a practical, effective and legal alternative to alleviate the
burden on the shoulders of all teams involved and to offset any drastic shortfall in this crucial data.
Putting the power in the hands of consumers when it comes to setting browser-level cookie permissions will limit a business's ability to extensively track the actions users take on company websites and progress targeted cookie-based advertising.
Millions of internet users will have the option to withdraw their dataset from the view of businesses, one of the biggest threats ePrivacy poses.
Dormouse: Anyone for a magic cookie. If you accept it you will be devoured by evil giants, if you decline, your community will be visited by pestilence and famine.
Alice: That is an impossible choice.
Mad Hatter: Only if you believe it is. Everyone wants some magical solution for their problem and everyone refuses to believe in magic.
Alice: Sometimes I've believed in as many as 6 impossible things before breakfast.
Mad Hatter: And we've legislated them into EU law by lunch
European lawmakers (including judges) seem to live in an Alice in Wonderland world where laws are made up on the spur of the moment by either the Mad Hatter, or the Dormouse. No thought is given to how they are supposed to work in practice or how
they will pan out in reality.
For some reason EU lawmakers decided that the technology of internet cookies personified all that was bad about the internet, particularly that it is largely offered for 'free' whilst in reality being funded by the invasive extraction and
exploitation of people's personal data.
Justifiably there is something to be legislated against here. But why not follow the time honoured, and effective, route of directing laws against the large companies doing the exploiting. It would have been straightforward to legislate that
internet companies must not retain user data that defines their behaviour and personal information. The authorities could back this up by putting people in prison, or wiping out companies that don't comply with the law.
But no, the EU came up with some bizarre nonsensical requirement that does little but train people to tick consent boxes without ever reading what they are consenting to. How can they call this data protection? It's data endangerment.
And unsurprisingly the first wave of implementation by internet companies was to try and make the gaining of consent for tracking cookies a one sided question, with a default answer of yes and no mechanism to say no.
Well it didn't take long to see through this silly slice of chicanery, but that doesn't matter...it takes ages for the EU legal system to gear up and put a stop to such a ploy.
So several years on, the European Court of Justice has now ruled that companies should give real options and should not lead people down the garden path towards the option required by the companies.
In an excellent
summary of this weeks court judgement, the main court findings are:
pre-ticked boxes do not amount to valid consent,
expiration date of cookies and third party sharing should be disclosed to users when obtaining consent,
different purposes should not be bundled under the same consent ask,
in order for consent to be valid 'an active behaviour with a clear view' (which I read as 'intention') of consenting should be obtained (so claiming in notices that consent is obtained by having users continuing to use the website very likely
does not meet this threshold) and,
these rules apply to cookies regardless of whether the data accessed is personal or not.
pdpecho.com commented on what the court carefully decided was the elephant in the room, that would be better not mentioned. ie what will happen next.
The latest court judgement really says that websites should present the cookie consent question something like this.
Website cookie consent
I consent to this website building a detailed profile of my browsing history, personal information & preferences, financial standing and political leaning, to be used to monetise this website in whatever way this website sees fit.
No I do not consent
Now it does not need an AI system the size of a planet to guess which way internet users will then vote given a clearly specified choice.
There is already a bit of discussion around the EU tea party table worrying about the very obvious outcome that websites will smply block out users who refuse to sign up for tracking cookies. The EU refers to this as a cookie wall, and there are
rumblings that this approach will be banned by law.
This would lead to an Alice in Wonderland type of tea shop where customers have the right to decline consent to be charged the price of a chocolate chip cookie, and so can enjoy it for free.
Perfect in Wonderland, but in the real world, European internet businesses would soon be following in the footsteps of declining European high street businesses.