Following on from my previous post about Cookies and with less than a month to go, I’d thought I’d expand some of my thinking and the “pragmatic” approach I’d like to adopt here in Devon.
Firstly I referred to the guide developed by the Government Digital Services (GDS) “Implementer Guide to Privacy & Electronic Communications Regulations (PECRs) for public sector websites” [ pdf warning ] and I really suggest you download it and read it - it is in my opinion a very helpful and pragmatic document and provides more practical help than the Information Commissioner’s website
The following quote for me represents the bigger challenge which I feel web managers also need to invest some time in…
The preferred method of compliance with the new regulations i.e. least disruptive to the user experience, would be one based on users’ “implied consent”. In this context “implied consent” can be taken to mean that a user is aware of the implications of taking a certain action and that by choosing to take such action are implicitly giving their consent to the related outcomes.
However, the ICO does not believe it is possible to take such an approach at present because “evidence demonstrates that general awareness of the functions and uses of cookies is simply not high enough for websites to look to rely entirely in the first instance on implied consent”.
So two points come out of this which are important to acknowledge, the first being implied consent, which sounds like the most logical approach and one which will impact the end-user the least and second Awareness – yes, awareness of what cookies are, what they do and why people need to understand this as they move about the internet. So as it states the ICO state that you can’t really do implied consent if the levels of awareness of so poor that people are clueless as to what cookies are in use on a given site.
However - It’s worth remembering I’m trying to provide a pragmatic solution here – my personal preference is that we in fact do adopt an implied consent model but support with communication and awareness across our site which helps to mitigate any concerns.
So one of the things we will be doing to help with a sustained level of awareness and communication is linking to content which explains what cookies are in a balanced way – Two good examples of this are AboutCookies.org and its Cookie FAQ section and CookieCentral’s FAQ section.
In support of this we will also be linking to content which helps explain how people manage cookies within their browsers and again AboutCookies.org provides some really good resources here.
We will also be communicating that our use of google analytics as a service improvement tool will be on the basis that we do not share any data as described in my previous post
I think as a web community we really should offer a consistent approach to communicating about cookies and in my view we shouldn’t be writing or creating this individually. This should be delivered either through a consistent approach to some common and reusable content which can be syndicated or a consistent approach to linking to the same resources. What ever we do the message and awareness should be the same.