new cookie directives what s crumbling n.
Skip this Video
Loading SlideShow in 5 Seconds..
New Cookie Directives: What’s Crumbling? PowerPoint Presentation
Download Presentation
New Cookie Directives: What’s Crumbling?

Loading in 2 Seconds...

play fullscreen
1 / 24

New Cookie Directives: What’s Crumbling? - PowerPoint PPT Presentation

  • Uploaded on

New Cookie Directives: What’s Crumbling?. Presented by Mike Knight. Housekeeping. Audio/Video Questions – Use Or use panel on RHS At the end – see where to download notes. Recap From Last Time. Recap from Last Time Disclaimer What Are Cookies? Google

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'New Cookie Directives: What’s Crumbling?' - holly

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript



Questions – Use

Or use panel on RHS

At the end – see where to download notes

recap from last time

Recap From Last Time

Recap from Last Time

DisclaimerWhat Are Cookies?


What Are They For?

Who Uses Them?

Basic Cookie Security.

Cookie Law – The Changes


Problems With It

What To Do About It

My Interpretation





I Ain’t A Lawyer! – This is Just My Opinion


What Are Cookies?

Web pages don’t have “Memory”

.txt Text Files Hosted on your Computer, created by the browser

e.g. Mike knight, added fly fishing rod to shopping basket, Date & Domain

You can Look at them, delete them etc.

Locked to a domain or even a page, with an expiry date.

Can be set with javascript or php etc .ie. client side or server side.

Short Term or Long Term? Primary or Third Party?

Session Cookies: eg shopping basket(could use ip address and computer details?)

Persistent/Tracking Cookies : remember next time eg have the site in ChineseLocal Shared Objects : “Flash Cookies” – Outside scope.

3rd Party Cookies – e.g. Analytics, Behavioural Ads etc.


What Are Cookies? [cont]

Tab-separated columns are:

Domain, Path, Secure(?), Expires, Name, Value / FALSE 1999999999 foo bar /folder TRUE 1999999999 SSID xxx1234 /abc/def FALSE 1999999999 Margaret Classical

google tracking goals remarketing
Google : Tracking, Goals, Remarketing

An Example of a [3rd Party] Script that sets cookies... PPC Data!

<script type="text/javascript">vargaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "' type='text/javascript'%3E%3C/script%3E"));

</script><script type="text/javascript">varpageTracker = _gat._getTracker("UA-281416-1");pageTracker._initData(); pageTracker._trackPageview();</script>


Common Uses For Cookies.

Shopping Carts

Secure Logins

User Preferences eg Languages, Accessibility, Remember Popups

Name, Previously Visited...

Web Analytics : New/Repeat, ClickpathSource, TOS, Browser, GEO(IP), KeyPhrase...

e.g. Google Analytics, Omniture, Clicktracks, StatCounter ...

Used By People Like:Amazon, Ebay, LinkedIn, BBC, .... Even Us!


Cookie Security

In themselves, they’re just text. Can’t be “Run” like a .exe

Can be used as a form of spyware though by tracking sites

Most browsers have built in privacy settings that provide differing levels of cookie acceptance, expiration time, and disposal after a user has visited a particular site.

Cookies Transmit <> browser << >> website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted.

Behavioral Software “Mouse Tracking...???”

A bad programmer could store sensitive information, unencrypted.

The United States government has set strict rules on setting cookies in 2000 after it was disclosed that the White House drug policy office used cookies to track computer users viewing its online anti-drug advertising.


Currently, Users Can (Via Browser Settings)

  • accept all cookies
  • accept all but third-party cookies
  • block all cookies

The Change in EU Law

An amendment to the Privacy and Electronic Communications Directive known as the EU Cookie Directive came into effect on 25 May 2011 that requires website owners to be transparent with website visitors about how cookies are used.

The Emphasis is on the user, not the website owner.

It was deferred for a Year... Now What?


“Blurb” :

Rather than the "Opt out" option for website visitors, websites will need to specifically gain the consent of their visitor and they must "Opt In" to be able to store cookies on their computer or other devices.This is expected to be difficult to manage and enforcement will more than likely be done subtlely and with encouragement rather than with the threat of fines and penaltys.

What does the new law say?The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent. 6 (1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met. (2) The requirements are that the subscriber or user of that terminal equipment-- (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent. (3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use. “(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.(4) Paragraph (1) shall not apply to the technical storage of, or access to, information-- (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

In Short ; essential Cookies are OK : eg Shopping cartNon-Essential Cookies are NOT OK, without Prior Consent

problems with it well intentioned but
Problems With It.Well intentioned, but...
  • It will annoy and confuse users.
  • It will annoy and confuse owners.
  • Everyone is now a law breaker...
  • The law is different in every EU state.
  • It puts EU businesses at a disadvantage.
  • It’s a Real Mess!

Will it Affect Conversion Rate? Yes- Definitely.

(At least Short term)

Other Contentious Issues :

Employer’s v Employees Preferences

Once Set; Who Used a (shared) machine last?

What about Existing Cookies in Existence That Are Set?

Who Defines “Strictly Necessary”?What Are the Penalties?


Potential Implications :Behavioral Advertising! (Google) [x2 effective]

Clicking on PPC multiple times : Strictly Necessary?

Conversion Tracking.

Social media plugins - such as the Facebook Like button - almost all use cookies to track their visitors in a way that goes beyond what a user might expect. If you visit a website with a Facebook Like button on it, then Facebook know about it - even if you're not logged in to Facebook, and don't click their button.

The More Intrusive – the more you need to do.

Font Size >> Type of News Feeds >> What You Bought.

So, Shopping Basket is “OK” because it’s necessary!

How do you ask "can we track you to make our advertising more effective?


What To Do


“The government's view is that there should be a phased approach to the implementation of these changes. Over the summer, we will be working on developing the best methods for obtaining your consent. 

In the meantime, you can control cookies by setting your device to notify you when a cookie is issued, or not to receive cookies at any time. We will ensure that we continue to provide you with clear and comprehensive information about the cookies we use, so that you can make informed decisions.”

Cop Out!



Are Businesses Outside UK, affected?

Yes, if they have operations in the EU.

If your business falls under the jurisdiction of the EU then it is subject to this law. The regulators who enforce it are based in the member states of the EU. So if your organisation is – say - located solely in the US, but sells to EU customers, we don't foresee this causing problems for you. (Source Silktide)

Can we just host our website outside of the EU?


If your organisation falls under the jurisdiction of the EU, it doesn't matter where your website is hosted. It will be your organisation that is prosecuted, not your hosting provider.(Source Silktide)


FAQ’sWhat does "strictly necessary" mean?

So if cookies are set for a service the user did not specifically request, they're not allowed. And if the service they did request didn't need those cookies, they're not allowed.

Analytics, behavioural advertising and conversion tracking therefore seem clearly excluded.

Login, adding items to a basket and most user preferences appear to be allowed.



Who is responsible for 3rd party cookies?

The website the user is visiting, at least for now.

EG Facebook “Like”; Google Analytics

what to do about it
What To Do About It
  • Ignore it & Hope For The Best
  • Implement It Fully  e.g. Remove unnecessary cookies – WordpressPlugin
  • Partially Implement It e.g. Updated privacy Policy.
  • Checkout Bt.Com Bottom Right Slider
  • Watch What people Like Amazon Do ...
  • Look Out For Test Cases, Like Accessibility Law.

I “Borrowed Heavily from...” Analytics Company to Download - Good For other stuff ) – Good Old favourite!


Conclusion / Recap

Be Aware of It.

Keep Your Head Down.

At Least Have a Privacy Policy.

Check What Others Are Doing Every 6 Months

Focus on Other Stuff – I Do.