5 months after the deadline of the prominent ‘cookie law,’ the first statistics are yielding optimistic results. The announcement of the EU Cookie Directive resulted in a plethora of catastrophic (yet very imaginative) scenarios for website owners; websites would be brought down, customers would opt-out of cookies and as a result user experience would be poorer.
Ok, but what is the EU Cookie Directive?
The EU Cookie Directive was introduced in May 2011. But as webmasters need time to align their websites with the new law, a 12-month period was granted. The supposed purpose of the ‘Cookie Law’ is to increase data privacy and online security as well as users’ involvement in the (almost always) unanswered question of how personal information is used and stored. Unsurprisingly, only a small minority of internet users care about their personal information; according to Stanford University, only 39% and 33% agree strongly and somewhat respectively that there should be laws to protect internet privacy.
At this point, it’s worth noting the difference between US and UK privacy, as the term itself is conceived differently by the two nations. According to Jeff Chester, of the Center for Digital Democracy, “in Europe, privacy is enshrined as a civil right, based on the experience that happened in Europe with Hitler and with communism, and you (Europeans) have embedded important civil safeguards around privacy that places the system in balance between the citizen and the corporate sphere and the government.
In the US, while privacy is a form of a right, it is in fact the free market which determines most of the policies when it comes to the internet.” This law addresses EU privacy concerns by asking website owners to incorporate detailed information of what information cookies hold and how long it is stored. Either by adopting the modal dialogue (dialogue box), the status bar (status bar visible until users opt in to cookies from the website), or the warning bar (similar to the status bar) website owners have enforced the legislation. The penalty for not complying with the EU Cookie Legislation is the ‘extreme’ amount of £500,000!
What is the effect of the ‘cookie law’ 5 months after the website owners’ compliance with it?
The analysis of 231 of the UK’s top websites showed that 63% had done something to address the ‘cookie law’ – of which 12% had implemented a ‘robust consent management solution providing users with prominent cookie notice and robust or user-friendly controls.
The data privacy management company TRUSTe released the first statistics on the impact of the cookie law on website users and owners. The survey examined 29 websites of 35 million users in United Kingdom and revealed that the vast majority of website users are not concerned about getting more information on cookies and privacy, as there were only 1.47% clicks on the ‘about cookies’ icon (that is over 10 times the average click through rate on the typical banner ad).
Of the visitors to the “About Cookies” page, 8.2% clicked on cookie settings and took the following actions:
- 14.8% chose to change their settings to “functional cookies,” defined as “cookies that allow us to analyse site usage so we can measure and improve.”
- 26.8% chose to change their settings to “minimal cookies,” defined as “cookies required enabling core site functionality.”
58.4% did not change their setting from the default of “advertising cookies,” defined as “cookies used by advertising companies to serve ads that are relevant to your interests” (figure 1).
Figure 1: Users’ Actions
Interestingly, in the UK, from June 1st to August 31st, the click through rate on the privacy icon doubled 0.16% to 0.3% (figure 2), signifying that users were seeing and/or learning about it more.
Figure 2: Click Rates
Simultaneously, post-view opt-outs in that same period decreased to 0.04% from 0.15% (figure 3), suggesting that after all the fuss about the law users became less prone to turn off tracking, possibly because they were feeling more ‘secure’ due to the robust notice they were offered.
Figure 3: Post-view opt-out rate
In short, it now seems that the enforcement process has resulted in increasing awareness of privacy controls and cookies policies and decreasing opt-out rates. Five months after the cookie law deadline, more – but still a small minority – of people understand how they are being tracked on websites, and start feeling more comfortable with their tracking, as they are given more control over it.
In other European countries the situation is different. In France and Germany the cookie law is not in force yet, so both icon click rates and post-view opt-out are constantly low. In the Netherlands, the government is pushing the adoption of the strict ‘explicit consent model’, where users are obliged to opt in to allow their data to be collected. Therefore, icon click rates and post view opt out rates are in parallel.
All this preliminary data should be treated cautiously. But if these numbers continue to grow in the right direction, it seems that the UK could be the frontrunner of a European mind-set that positions internet security and data privacy in the centre of the attention. There may be understandable criticism suggesting that this law is just a part of EU bureaucracy that results in users’ disruption but increasing consumers’ privacy, defending data transparency and offering a quality user experience is still of paramount importance.