As Facebook refutes its own cookie tracking activities, their defensive comment reveals one of the major compliance issues organisations have, as they struggle with new regulatory and legislative requirements.
If the balance of power swings from the 'aggressive, factually correct, prior informed consent' view of the Article 29 Working Party, to the more business-centric, 'did we really say opt-in?' view of Ed Vaizey and UK Gov, we may well see organisations adopting the browser-based mechanism for acquiring consent to drop/read cookies i.e. we will honour the Do Not Track (DNT) bit you have set in your browser. (Yes, it should default install to do NOT track!).
Now comes the tricky bit [no pun intended], what does the 'T' stand for in DNT (Track, I know). What will you do when a browser visits your site with DNT set ON?
Facebook said .. "it does use cookies to personalise some
content on the site, but that this information is not used to serve
users with targeted ads, is not sold on and is either deleted or
anonymised within three months".
I can just here the laughter round the table at the Article 29 Working Party lunch; 'They don't use cookies to serve ads .. whateeever!'
The technology neutral stance of the amended PEC Regs now works against us, as we clearly have to consider all information stored/accessed on the users terminal equipment, not just cookies for ad serving!
For an interesting US view on the issue and a possible solution, take a look at Chris Soghoian's blog
X-Behavioral-Ad-Opt-Out: 1
X-Do-Not-Track: 1
Interestingly this is converging on the EASA best practices guidelines which differentiates between 1st and 3rd party use of data stored on terminal equipment.
Good idea, but .. as I 'spin round the web' I will have vastly differing relationships with the sites I visit, some I trust, some I don't (I will be blogging on this soon, but for in-depth analysis Soren Preibusch's article is empirically informative). That means I have to constantly swap my DNT bits! Not convinient, so I end up leaving DNT set on to the detriment of marketing revenue streams.
So here's an idea I came up with whilst chatting with the IAB 'Lead Generation' team (drum roll) ..
Let's resurrect the dead, and deploy Zombie/Ever cookies for GOOD things! What if an 'evercookie' were deployed which identifed my particular site preference? The great thing about evercookies is that they keep remembering, so they can keep remembering important stuff like whether a site should i) honour my DNT bits or ii) over-ride them
Sites could drop and DNT evercookie which the user controls through a UI and then honour the settings recorded in the evercokie. If no evercookie is present, honour the browser setting.
Might even satisfy the A29WP!
Comments