Do you accept my cookie

Privacy by Alan Cleaver (flickr)

My family uses in the internet a lot, we use it to shop online, book holidays, search for stuff and we all conduct research in various forms, as I suspect most people do.

So when speaking to some of my family the other day, I asked them about the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 and to my shock horror they knew very little, in fact nothing about it whatsoever. It was understandable from my kids who are only 7 and 5, but my wife, who shops online more than I do, didn’t know anything about it.

I wasn’t actually shocked, whilst privacy is important (and it really is) most people don’t really know what the legislation is even trying to do or guard them against…I suspect most people will in fact get frustrated with simply clicking on a “accept or deny” cookie button on every website they visit.

I’m not going to get into a debate here about whether or not the legislation is actually the right thing to do, but i’ll just remind myself of one of the main intentions – this is a quote from the the Information Commissioner’s Office (ICO) website.

It should be remembered that the intention behind this Regulation is also to reflect concerns about the use of covert surveillance mechanisms online.  Here, we are not referring to the collection of data in the context of conducting legitimate business online but the fact that so-called spyware can enter a terminal without the knowledge of the subscriber or user to gain access to information, store information or trace the activities of the user and that such activities often have a criminal purpose behind them.”

So how does a web manager / website owner start to tackle this problem.

Well i’d certainly recommend following the steps suggested in the Government Digital Services (GDS) “Implementer Guide to Privacy & Electronic Communications Regulations (PECRs) for public sector websites” [ pdf warning ] – it suggests starting with an audit…which is the best starting point in my opinion. One other thing i’d suggest doing is revisiting your existing privacy statement on your website.

There is an interesting and pragmatic stance being taken by the GDS as outlined in this post by Dafydd Vaughan. You can read a variety of views on the comments of this post  which all contribute to a confused space…the one thing you can be sure on, is that we all have to do something pretty quickly.

But i’d thought i’d expand slightly otherwise this would be a pretty pointless post 🙂

One of the most obvious places to start is in fact the organisation’s website who have provided the guidance on this legislation in the UK – the Information Commissioner’s Office (ICO).

They have provided a method which asks you consent to the use of cookies and provides a link to their privacy notice page. [ I consented to cookies if anyone is interested 🙂 ]

I’m ok with this approach in general, although it sort of feels like an advert at the top of the page with one of those “click here to sign-up” options, but it sort of works. Other methods are being used which you can read about here. I’m not sure which is best to be honest, i think after a while a consistent approach will emerge, but it is too soon to really work that out.

When reading the ICO’s recent guidance it actually refers to the approach the ICO is taking itself and states:

Can I copy the Information Commissioner’s solution?

The Information Commissioner’s website uses a banner that informs users about cookies and gives them the chance to consent. Whilst we have no objection to organisations seeing if this option would work for them any solution has to be appropriate to an organisation’s own needs. We will review the use of the banner in future and may consider other options ourselves.

On the ICO’s privacy notice page – I was intrigued as to what level of in formation they provided in here – I was surprised to see that the google analytics cookie referred to – not because I don’t like google analytics, in fact i personally really like google analytics and use it myself, it’s free and provides good data on visits, visitors, devices, platforms, browsers and a range of other useful features – the reason I was surprised is that many people have been suggesting that google analytics is a target, so i was actually pleasantly surprised.

You can of course use non cookie based analytics, but some people suggest these are actually worse in some cases. I’m not going to get into detail about that here, you can read about that by searching the web.

When clicking through to the google privacy page, which the ICO websites directly links to. It is worth sharing this important piece of information, which in reading a variety of articles and blog posts on this topic i hadn’t noticed anyone picking up on.

This is a quote from the google privacy page

Google’s Use of Analytics Data

Website owners who use Google Analytics have control over what data they allow Google to use. They can decide if they want Google to use this data or not by using the Google Analytics Data Sharing Options. When these options permit it, the data is used to improve Google products and services. Website owners can change these options at any time.

So I checked in my admin settings for one of the sites I have analytics on you can specify in your analytics admin settings not to share the data with anyone, not even google – it was set by default to “do not share”.

Data Sharing Settings - google analytics

So it would be important to know whether if you consent to cookies, how that information is being used…so in the case of the ICO website, it actually fails to tell me –  the user – whether or not the information they are collecting is shared with google or simply kept private and used only for service improvement purposes – i’m assuming (not always the right thing to do) that they keep it private.

The one bit of irony in all of this is that whatever someone does, they need a cookie to save the fact that someone has either said no, or they constantly present the same message to the same user over and over again. Depending on your approach, it could be a bit like refusing site pop ups over and over again….

What we can be certain of is the next few months are going to be really interesting. i’d welcome hearing from people as to how you are planning and approaching the legislation.


Location, Location, Location

I’m fascinated by the increased conversation about Location based Social Networks as i personally find them really interesting.  Back in January this year i predicted they would be big in 2010 (albeit my rationale was deeply flawed and influenced by a particular phone!!).

However they do seem to be growing in value and more and more people are seeing business opportunities and benefits from working with them. It is also interesting to see Google and Facebook both supporting Location based features of varying levels that if they see value then i guess we won’t actually get much choice. Location will just be another feature of our interaction with our friends and colleagues.

I was thinking the other day – what would happen if all of the content from TripAdvisor (ratings, feedback, pricing etc) was integrated with a location-based network like Foursquare or Gowalla. In fact there is almost a duplication of content happening at some level anyway. The power of that information is already influencing people’s decision – but if you could see that someone who actually said they liked the place had “checked in” say 10-15 times, would you believe them more than someone who checked in only once?

This is where these tools are starting to move, if businesses are savvy, and want to manage their brand they will need to understand this stuff. I say understand as it is still early days and most of the benefits and new features are becoming useful because the companies themselves are adding value by linking with other sites or companies.

But there is a dark side – isn’t there always!

Privacy is something that a lot of people care about, most people were vocal about Facebook’s dealings of privacy – so we can assume that it is an important thing to get right – it is also an important thing an individual needs to get right so that it doesn’t back fire.

An example of how weird and creepy it can get can be found on Shea Sylvia’s blog. It is the type of story that people will use to say that these sites don’t offer value and that they will only lead to bad things – well i don’t agree with that….Shea’s situation and experience is not something i’d like to go through – i’m glad she shared the story, but it does offer us all a valuable lesson and one which made me think about how all this stuff fits together.

In Facebook i have quite tight privacy controls and only (as a rule) except friends who i have actually met in person – Facebook is a place where i share photos of my family and more personal events. So i’m happy to share this with people i consider to be friends in one form or another.

On twitter, i have a public profile (i don’t protect my tweets) but i generally use this as a professional tool and only occasionally use this in a personal capacity – i do however consider a good proportion of people i follow on twitter (those i have met and some i haven’t) as friends also.

Foursquare and Gowalla – These tools don’t really do privacy that well in my opinion or at least create an illusion on privacy, yes you can accept friends but when you check in somewhere it will share that with anyone who visits that location. I can see the value in this, but why can’t you restrict you check in information to only those people you accept as friends?

My point being that when you decide to share something, it should be based on your own understanding of how you have set your privacy settings – it can’t create loop holes for your information to leak out to anyone.

I will personally be revisiting all of my privacy settings and how they interact with each other so that i can be sure who has access to the information i post to the web.

Facebook photo convicts school aide of drinking charge | CNET News

A great example of why we should all really think about the information we publish online and who has access to that.

Our digital footprint is something which can have a positive influence as well as a negative influence in our lives.

Links 4th July- Google faces ‘Street View block’

I guess there will be a global consent form soon for when we walk down the street, just in case we are caught on someone’s camera and posted to the web.BBC NEWS | Technology | Google faces ‘Street View block’