To cookie or not to cookie?

I’ve noticed over the past few days that there has been a lot of debate in the US press and on other places over the issues of cookies again. This time it’s not been about the number of people who’ve been blocking them or deleting them (a bad thing apparently) but about the number of government and federal sites that are (allegedly) serving them (also a bad thing apparently). The fact that some US government sites have been found to be serving cookies has led to headlines such as Government Web sites are keeping an eye on you. So, it would seem that the only thing that is worse than people deleting or blocking cookies is people serving them in the first place?

I must confess to not having read all of the 87 posts on Eric Peterson’s web analytics forum on the subject so far or the various articles doing the rounds, to know that feelings run strongly on this one on all sides of the argument. And I’m not going to run the risk of adding fuel to the fire but it did strike me that we are not having the same sorts of cookie-related debate over here in the UK and so I was wondering why that is. Is it because we are better informed on the issue or less informed? Should we be more worried about cookies than we seem to be?

In Europe we did go through some angst on the issue a few years ago. In 2002 the European Parliament passed a directive on privacy and electronic communications. Leading up to this directive, there had been a concern in the industry that cookies would effectively be made illegal as a breach of personal privacy. In the end the European Parliament came to the conclusion that it wasn’t cookies or web bugs themselves that infringed privacy but the inappropriate use of these devices was an infringement of privacy. Having gone back and had a look at the directive again I thought the following passage was particularly relevant to the debate going on in the US at the moment. I quote:

So-called spyware, web bugs, hidden identifiers and other similar devices can enter the user’s terminal without their knowledge in order to gain access to information, to store hidden information or to trace the activities of the user and may seriously intrude upon the privacy of these users. The use of such devices should be allowed only for legitimate purposes, with the knowledge of the users concerned. However, such devices, for instance so-called “cookies”, can be a legitimate and useful tool, for example, in analysing the effectiveness of website design and advertising, and in verifying the identity of users engaged in on-line transactions. Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information.

This might be a bit tough to follow (after all it is a legal document) but it essentially recognises cookies can be a “good thing” provided they are being used legitimately and people are told what’s going on. Without quoting more of the document, the position we have in Europe now is that you are entitled to use them provided you tell people that you are serving cookies in your privacy policy and how you use that data and also how people can refuse to accept or delete cookies from your site.

I don’t claim to be an expert on this issue at all but it does seem to me that having a legal framework to work against does help to some extent with this issue. It doesn’t always take the emotion out of the subject, nor does it prevent individuals forming a judgement about cookies for themselves and making their own views known. But that’s society for you.

But what I like about the position in Europe at the moment is rather than taking an explicit or implicit “all cookies are bad” stance, it recognises that there is a potential benefit to society in the appropriate use of cookies. By understanding how people behave on web sites, it’s possible to use that insight to create a better experience for visitors in the future without necessarily infringing personal liberty. After all, observation of shopper behaviour is nothing new to the online world. Our supermarkets and stores are laid out the way they are based on years of observation of shopper behaviour and analysis of shopper derived data. However it’s clear, the ability to harvest (even anonymous) data should not be taken for granted and even in the absence of legal frameworks, transparency is a sound policy.

More from Applied Insights

See more: Articles
See more: Web analytics

Learn about our web analytics consulting Discover our innovative marketing applications Get to know Applied Insights