Newsletter

Coping with the ICO’s updated cookie guidance

Mobile Marketing

Last month, the UK Information Commissioner Office’s (ICO) upgraded its cookie guidance, with the result that consent is now needed for analytics cookies. James Rosewell, CEO and founder of 51Degrees, explains the changes and the impact they will have and provides some options to mitigate the significant drop off in analytics data that will result.

Anyone visiting the ICO website since July 2019 is presented with an ‘Our use of cookies’ dialogue which must be acknowledged before interacting with the site. The dialogue, and the ICO’s own cookie guidance, demonstrated the standard of consent required.

In summary, the guidance categorizes analytics cookies as non-essential for the provision of the website service. Any non-essential cookies require explicit consent. Therefore the On/Off switch defaults to Off and must be changed to On by the visitor to the website before Google – or any other analytics – cookies can be used. 

Doubtless some businesses will rightly argue that they cannot be profitable without the presence of cookies which the ICO has deemed to be non-essential. They will argue that such cookies are essential to the profitability of their business and therefore cannot be considered non-essential. Such sectors include AdTech and publishers. Such a debate will take some time to conclude with regulators like the ICO unlikely to back down any time soon.

Cookie walls
The ICO is consulting with businesses and considering the role of “cookie walls”, where the user must consent to all cookies before being allowed access to the website. If they don’t consent, then they’re not allowed in. Such solutions might address the problem for some businesses, but many other will find “walls” heavy-handed, off-putting and off-brand. Fortunately, other solutions exist.

Rather than waiting for the non-essential cookie debate to conclude, the simplest solution is to remove all non-essential cookies from the website. The ugly consent dialogue can then be removed. Without any analytics data fewer digital marketing people will be needed. Head count can be reduced, and profits increased. What’s not to like?

Quite a lot, obviously. But what if analytics could be performed without using cookies? Then the digital marketing team can stay.

The problem with cookies, and analytics, and the web in general, is that too much of a website’s intelligence has been pushed into the web browser. The drawbacks of more than a decade of such client-side, responsive web design (RWD) thinking manifest themselves in poor performance, high costs to operate and now in regulatory guidance preventing some of the techniques used to power them.

Think server-side
Serving a web page is “the” essential operation of a website. If anonymized analytics were collected from the web server by virtue of that web server serving a page and not within the web page via JavaScript then no cookies would be required. If the data collected is not personal data, GPDR does not apply. Server-side web pushes more work to the more powerful and controllable web server.

I described how to switch Google Analytics to a server side deployment in 2014 for Smashing Magazine. Whilst the driving force behind the switch was to improve website performance and take away potentially costly analytics JavaScript bloating the overall page weight of the website, the technique remains applicable today.

Remembering state across multiple web pages is an essential feature of almost every website. For example; recording preferences for products or retaining user-entered form data across pages. A globally unique session cookie is the most common method to achieve these essential features. With the presence of a session cookie, activity from one page can be related to another and a user journey formed in server-side analytics.

Clear benefits
Such a server-side approach to analytics will lack some of the features of a cookie-based client-side solution. The approach will need to be enhanced to record data points such as page render time, time on page and events that don’t result in a fresh page or new data being requested. But then the alternative is losing visibility of almost all web traffic, the benefits should be clear.

Implementing analytics server-side will provide visibility of all web traffic. There’s nothing to stop a traditional client-side analytics solution being used at the same time for the limited set of people who will move the off default setting to On. The only drawback is the ugly consent dialogue.

Think different
When the ICO guidance is considered alongside Apple’s WebKit and Mozilla’s tracking policy, web professionals used to an abundance of data will soon have very little.

Thinking differently about the web technology used and shifting more intelligence to the web server will provide an enduring solution to cookies, and a more effective technology platform to respond to regulatory changes.

YOU MAY ALSO BE INTERESTED IN