Cookies are amazing. Whether chocolate chip or the 1×1 pixel type dropped on your browser session. But GDPR and more specifically, the ePrivacy Regulation, have a lot to say about how cookies will be managed and used going forward.
And what about the business benefits? The ROI on re-targeting (that creepy advertisement following you all over the internet) has been shown to be really compelling. So how do businesses not run afoul of cookie usage!
Jay: “Are you DataSmart?” A weekly podcast on data security, information management, and all things related to the data you have, how to protect it, and maximize its value. I’m Jay Ward.
Christian: And I’m Christian Ward. And today, we’re gonna focus on cookies. Not the delicious edible kind, but the kind that are placed into your browser by a little amount of code, trapped in a pixel. And the reason why we’re gonna tackle cookies is they are a critical way of how the web currently operates and your business in all likelihood utilizes them on your website, and then utilizes the data that they can allow you to access for a lot of really smart marketing and approaches to dealing with customers. Cookies generally, if we’re just going to take a step back, the concept is really quite simple. If you like having a persistent shopping cart, let’s say you are online and you add things in your shopping cart, then you browse away and then come back, without cookies that shopping cart unfortunately would likely empty and would no longer have the items you had in it. Another great example of cookie usage online is browser sessions or log in sessions. So, if you have a subscription to the wallstreetjournal.com or ft.com, if you don’t wanna have to log in absolutely every time that you visit there, then you really are a fan of cookies because that’s what allows you to have that persistent ID. Sometimes not just in a session of a browser window, but sort of permanent or persistent as they would call it. So, there’s really two types of cookies, there’s persistent that can continue on and live with your browser after the session, and there’s session cookies, and there’s nuances within each of those categories as well.
Jay: [Cookie Monster Voice] Yummy. Put that in my last house.
Jay: Yeah. Christian, you hit on a word that I think for regulators is very important and that word is “targeting.” Any time you’re doing something on the internet that involves targeting and tracking an individual’s behavior, what they call OBA, online behavior analytics, any of these things that you identify an individual and follow what they’re doing, that’s a red flag for regulators. It’s not illegal, it’s not unlawful, and in most cases it’s not unethical, and it’s profitable. But there are limitations to what you can do and how you can do it. As we’ve talked about before the regulations in the United States are advisory. There’s no specific cookie law in America. The FTC does a lot of work talking about cookies and if you make promises about what you’ll do with cookies then you’re lying, you know, then the FTC might come after you. But it’s not like, you know, thou hast placed too many persistent cookies this year and so, you’re fined. The European Union as always is different and, you know, we talk a lot about the GDPR, but in this case it is another regulation going into effect on May 25th of this year that counts and it’s the ePrivacy Regulation. And that is, I mean, you can basically call it the Cookie Law. That’s what it’s really aimed at doing. It’s driven at controlling and curtailing what you can do with online tracking and cookies. There’s some other provisions too.
Christian: Is this gonna affect everyone’s, you know, pop up window, you know, obviously that was a huge scramble a year or two ago, of everyone having to have that pop up window. What’s gonna happen? What is this new ePrivacy directive really drive?
If you do accept cookies, you click once and for a year, you should be good. For the most part you’ll be able to just continue using as always. If you opt out obviously, your user experience will be affected, but it’s really on the producer or the deliverer side that the change is gonna have to be made. Because now, when you go to read about cookies it’s something that, you know, a privacy lawyer might understand or maybe not. I mean, these are couched in terms that are very difficult to understand. The GDPR and the ePrivacy Regulation do away with all that. They say, “If it’s not clearly understandable and as easy to opt out of cookies as it is to opt in, then you’re gonna get fined.” So, look for much plainer language, look for, “If you don’t want cookies, click here.” And look for that change to happen right around May.
Christian: That’s amazing. And so, you know, looking at, you know, how do companies prepare for this, there are a lot of again from the business angle, retargeting almost always has a higher ROI than direct advertisement. It’s been proven time and time again, it can be very effective. Being able to give a great user experience is also very effective. I’m glad to hear that the user experience is going to be better, but how do our listeners prepare for this? Because yes, you can certainly handle the, you know, the one time yearly check, a check box if you’re in the EU. But what would companies need to be thinking about how can they prepare themselves for the changes that they need to be ready in regards to cookies?
Christian: You know, it’s amazing because I know we’re talking about cookies which the best analogy I can offer you is this sort of a the way they tag the dorsal fin of great whites and they can track them all over the ocean as they go. There’s some great websites to track the great whites as they travel. That’s kind of the concept around “cookieing,” but sort of passive “cookieing” is going to be a topic that we wanna cover as well in the future. I know Facebook applied for a patent that every imperfection of a camera lens, they could identify which camera took the photo and then by using facial recognition of who was in the photo kind of identify who you are taking the picture which is just crazy. But it makes a lot of sense. A little smudge here or a scratch there is actually unique to your camera lens. So, that’s a different type of tracking that might be harder for regulators to get their arms around.
Jay: Yeah. I mean, it’s… From my perspective, that passive “cookie-ing” is really interesting because it’s an intersection of technology that just could not have been conceived of even two years ago when we were bringing the, you know, when the GDPR was being finalized. And now, it’s gonna be a reality very soon. And so, this dynamic interplay between technology and regulation, we see it all over the place. But the question is are you going to be able to take advantage of the technology without running afoul of the regulators and that’s why you need good guidance.
Christian: It’s amazing. Well, once again, we appreciate everyone’s time listening. Cookies are gonna be a real point of contention for a lot of businesses as they try and grapple with, “Hey, do we need these? And to what extent if we use them are we prepared to handle the regulatory oversight that is going to expand with any level of identification or identifiable information?” Thank you all for listening to this edition of “Are you DataSmart?” And can I get a farewell from cookie monster?
Jay: [Cookie Monster Voice] Yeah. Always be cookie smart.
Christian: Thank you everyone. Bye, bye.
Jay: Thanks a lot.