Sunday, 10 February 2013

Cookies: Perhaps this is what the fuss was all about

Now the cookie rules have been in force for so long that many of us have moved on to deal with more pressing issues, I’ve been asking myself what the fuss was really all about.

There have been benefits. New careers have been forged in the compliance industry, and webmasters are (probably) more aware of what “their” websites do than before. Compliance professionals have developed a new vocabulary of terms which have been posted on the pages of websites that are accessible by those few, yes those happy few, users who click on the links to learn more about cookies.

The more frequently I click on these links, the more frequently I smile. I read down long lists of cookies, carefully explained and categorised, and I think to myself ‘surely I can’t be the only person not to understand much about this stuff.’ If ever we have found a way of not engaging with users, then surely this is it. 

But then again, I don’t remember any specific campaigns mounted by the privacy brigade demanding better transparency about cookies at the time the e-Privacy Directive introduced the new rules, nor do I recall reading any letters from customers of the companies I used to work for mentioning that they wanted to have the right to opt out of certain types of cookies. Yes, people wanted the right to object to personalised advertising, but I can’t think of a single letter from a customer that ever mentioned cookies.

Moving on to the present, however, and thanks to the way we lead out current lives, what we have is a situation where, thanks to the efforts of the privacy lobby and some of the regulators, people are much better informed about the electronic trails that they leave.

But has this changed user behaviours? Or user preferences? 

Have many people taken advantage of their ability to obliterate some of these electronic trails by objecting to certain types of cookies?

I’m really looking forward to seeing evidence that many people have.  

What I do see are renewed efforts buy the regulators to encourage greater transparency – particularly in the mobile arena, where the focus is now shifting to mobile application developers. Yes, these developers need to become far more transparent about what they do with the data that is hoovered up. But, I don’t think this will necessarily damage their business models. 

The point, after all, is simply to explain what is being done with the data that is being obtained. In larger organisations, yes this will be a challenge – a challenge of information accountability. Many more organisations seem to have an information security officer than they have someone accountable for the information that actually populates these databases. The challenge, therefore, is to understand just who is accountable for the information that is being processed, so that they can be accountable for the cookie explanation.

I don’t think that these explanations, once published, will necessarily cause users to object to what is being done. So I don’t think they have much to fear.

The only thing for businesses to fear is not making these explanations available in the first place.

To my mind, the greatest thing to have emerged from the great cookie saga has been to highlight the role of effective information governance in an organisation.

And it’s been highlighted, I think, by pointing out how hard it is to find it within so many organisations.