Cookies… Love ‘em or hate ‘em, they form a core building block of many of the technical platforms that underpin affiliate marketing. Most affiliate marketers know that they’re far from ideal for sales-tracking (with some of the wilder claims suggesting that as many as 25% of all ‘advertising’ cookies are blocked/deleted). Indeed, most networks are now introducing ‘cookieless’ tracking systems to a welcome reception from the affiliate marketing community.
The following is a guest post on behalf of the author detailed below. If you would like to submit an article for consideration or collaborate on content towards this affiliate marketing blog please get in touch.
About Simon Mohacek
Kicking off his digital career at Overture/Yahoo, Simon subsequently ran the Paid-Search department at digital agency Blue Barracuda where he oversaw the search activities of clients such as Nectar, Hamleys and Goldsmiths. Simon then left to co-found CPDcast®, the UK leader in CPD online before subsequently co-founding digital media agency The Digital House (the online arm of The Specialist Works group), which he runs today.
Cont…
The latest news from Europe appears to be spurring these developments on. Back on the 26th October the Council of the European Union adopted an amendment to a previous directive that is intended to clarify the use of tracking cookies (or to be more precise, the use of internet users’ information in a tracking context).Many industry-commentators (such as Matt Bailey) interpreted this to mean that cookies are AOK under the new law, following a statement from the IAB.
However, contrary to Matt and the IAB’s belief, I’m not sure that the amendment actually does clarify the previous directive in favour of the status quo. If you haven’t been following this issue in the press over the last few years, let me get you up to speed…
Cookies have long been the whipping boy for the paranoia surrounding the Internet’s ‘big brother’ capabilities; an easy target in a scary, under-policed world of spyware and viruses. Indeed, you only have to look at how the average modern antivirus package now warns against cookies after performing a scan, to view the perception of them. This attitude towards tracking/cookies was one of the driving forces behind the European Union’s attempt back in 2002 to create some order out of the chaos with the original ePrivacy Directive (Directive 2002/58/EC). However, privacy advocates campaigned from its inception that this Directive was far from adequate, so a couple of months ago, they had another go with the following paragraphs:
Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing.
This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.
With less than 2 years until the date (26th April 2011) that national legislatures (such as the UK) must have put the directive into law, it is not surprising that some privacy campaigners are more than a little surprised by the position that the IAB have taken in their latest press release:
Eliminating legal uncertainty in this area, the ePrivacy Directive (2002/58/EC) within the Package provides a solid legal basis for cookie management tools in browsers and other applications…
Indeed, on the same day as the IAB press release, Viviane Reding (the European Commissioner for Information society and media) went straight on the record to comment (13:15 if you’re interested) following a wave of misunderstanding; I certainly wouldn’t be surprised to hear more from her on this issue in the coming months.
Given the various forms of information that cookies can contain, and the varied uses that different companies/organisations put them to, the idea that the current situation (of browser controls dictating which cookies are allowed by which sites) fulfils the stipulation that “the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information” is – in my opinion at least – certainly not as the IAB would have you believe ‘eliminating uncertainty’.
So, what does this matter?
Surely, I hear you ask, given the fact that the digital media industry (and none more so than affiliates) relies on cookies to function, the government won’t simply force a law ensuring that every website in the UK displays some form of pop-up or overlay warning about tracking cookies?
Let’s hope not. Although to be honest, given how loosely other UK laws are interpreted when it comes to online (such as DDA or The Companies Act), I wouldn’t expect a cookie witch-hunt any time soon even if the directive were simply transposed into law by the UK. However, in the meantime I think that the IAB could do more for the industry than simply offering PR platitudes.
Oh… and lastly, to go back to my first paragraph, many networks are now introducing ‘cookieless’ tracking. However, let’s get one thing clear: this technology – in its current incarnation at least – does NOT simply make this issue go away. Cookieless tracking is performed through a number of methodologies, chief amongst these are ETags and Flash cookies. Correct me if I’m wrong, but don’t the amendments to the directive refer to: “the storing of information”? Last time I checked, ETags and Flash Cookies would be every bit as guilty of storing information as the good ole text cookie.
Let’s all hope we get clarification on this soon for the good of the industry. In the meantime, I would welcome comments/thoughts. My fingers are crossed that it’s my interpretation that is incorrect…
Thanks
- Simon Mohacek
1 Comment
Leave a Reply
Recent Posts
THE NEW DORK (Jay-Z ft Alicia Keys Spoof)
Awesome geeky and Internet spoof of chart topping Jay-Z and Alicia Keys “Empire state of mind.” Click, watch and...Read More
Where’s the affiliate marketing App Store?
The mention of an Affili.net application store in this week’s A4UExpo newsletter caught my eye so off I went to...Read More
Affiliate Window acquires Buy.at
Much has been said about the recent merger of Buy.at and Affiliate Window so I won’t dwell on the topic...Read More
Impact Radius to battle affiliate networks?
Today saw the affiliate industry move further down the path which aims to cut out the “middle man” and move...Read More
Simon,
You are correct – the wording of the ammendments refers to placing or reading of “files” on end user’s terminal equipment not cookies. The purpose of the ammendment was not just about cookies, it was also about drive by malware/spyware via activex, Local Stored Objects (such as Flash Cookies and Silverlight Cookies) and rogue javascript/cross site scripting. So your interpretation that using Flash and eTags will not circumvent the regulations is spot on.
But let me add here that this is actually the fault of the industry not overzealous legislators. The ad industry has been given the freedom to self regulate for decades and they have failed to behave appropriately. Had they followed the rules in the first place – such as obtaining informed consent via opt-in mechanisms in the past instead of burying clauses in terms and conditions to try and circumvent data protection and privacy laws – then they would not be in the situation they are now in and frankly IAB haven’t helped at all.
The current IAB “Best Practise Guidelines” basically stick their fingers up at the law and at the public – which was a dangerous position for them to take. So you can’t blame Commissioner Reding and Kuneva for taking the action they have.
I should remind you also that the UK is already subject to infringement action by the EU commission for failing to enforce EU privacy regulations and I will tell you right now, if the UK fail to transpose the new EU Telecoms Reform Package into UK law appropriately, I will be pushing for the Commission to take further infringement action.
So I would recommend the industry start to behave in accordance with the law instead of trying to circumvent it, because the more they do the latter, the tighter the laws will become and more people like me will campaign for the same.
Alexander Hanff
Head of Ethical Networks,
Privacy International.
Founder of NoDPI.Org