UK regulator ICO is set to play cookie cop for the digital ad industry
This week, U.K. data protection authority the Information Commissioner’s Office issued a blunt reminder of how cookies should be used under the Privacy Electronics Communications Regulation. The reason: The law has now been updated to mirror the General Data Protection Regulation’s rules on consent.
Since last year, the wide interpretation of GDPR and a lack of standardization of consent management platforms, which relay consent-request messages to users — have resulted in a messy consumer experience.
The ICO wants to bust any misunderstandings around how and where cookies can be used in advertising and other online services. But it has only vetoed cookies that are “non-essential.” That means any cookie necessary for the delivery of the service a person has requested to use doesn’t need user consent.
“Cookie compliance will be an increasing regulatory priority for the ICO in the future,” wrote Ali Shah, head of technology policy for the ICO in the update. He added that all future action will be proportionate, but that businesses should run cookie audits.
The ad tech industry has already been on red alert since the ICO warned that current ad-targeting practices weren’t legal under GDPR, last month. Others believe this latest guidance takes that up another notch.
Here is a look at what the ICO has vetoed:
Farewell implied consent
Thanks to GDPR, (this was legal under PECR previously) implied consent can no longer be relied on for cookies or for processing personal data. That means users must give explicit consent to cookies which are deemed non-essential to their website visit or intentions for using an online service (like a purchase). Pre-ticked boxes (of which there are still many) or any tactic that means users are opted in by default are not allowed for non-essential cookies. Users must be given absolute control over what non-essential cookies are dropped on them and these kinds of cookies also can’t be set on landing pages before that user has given consent. Naturally, some businesses would argue that all their cookies are essential for performing their business or service to a user. That would be a risky assumption.
Analytics cookies need consent
It looks like the trusty analytics cookies are out of luck. The ICO has deemed these should require user consent, because otherwise users aren’t aware this type of cookie is being dropped on their computer when they use an online service. For that reason, the ICO has said they are aren’t necessary for the user to be able to access a service; therefore, they must have user consent.
“Time will tell how many people give consent for non-essential cookies, but it will undoubtedly restrict the reach of advertisers,” added Gracey.
Cookie walls: dead on arrival
An idea bandied around at one point ahead of GDPR was the notion of a “tracking wall” or what the ICO refers to as a cookie wall. The concept is that any visitor to a publisher’s site that has a tracking wall installed won’t be able to continue on the site, read or watch the content until they give consent to their data being used and stored by that publisher for advertising purposes. It also applies to a lot of assumed consent strategies. Many sites have added a message to the effect that using the site means giving consent to cookies. However, the ICO has stated this is not valid consent under GDPR.
As the ICO recently stated in its latest GDPR update, relying on legitimate interest for sending targeted advertising is a hard no. Same goes for PECR. In fact, the ICO claimed this had always been the case under PECR.
“PECR always requires consent for non-essential cookies, such as those used for the purposes of marketing and advertising. Legitimate interests cannot be relied upon for these cookies,” wrote Shah.
Bustle Digital Group, G/O Media cut staff
Bustle Digital Group announced the layoffs of a dozen staffers on Friday, including the entirety of The Outline’s staff, and pay cuts for some remaining employees.
‘Companies are in freeze mode’: Coronavirus crisis strains ad tech licensing model
Like so many other industries, the coronavirus crisis is rapidly separating the distance between the haves and the have nots in the software-as-a-service sector. In ad tech in particular, there was a rush in the middle of the last decade for companies to switch their models from charging clients a percentage of the media they […]
Member ExclusiveAs the DTC reckoning accelerates, founders turn to each other for advice and sanity
"The coronavirus outbreak notwithstanding, there were a lot of issues that were spread out through the rest of the DTC ecosystem going into the first-quarter of this year," said Jeremy Cai, founder of Italic, which sells luxury bedding, apparel and handbags. "I feel like we are settling into a new normal in many ways of being conservative," he said.
SponsoredPublishers are experimenting with more engagement models
A growing number of publishers are using registration walls, paywalls and metered models to collect first-party user data and drive subscription revenue.
Advertisers ‘don’t want to sound tone deaf’: Candid thoughts of publishers navigating crisis
Publishers gathered virtually to discuss the challenges they're facing within their businesses and what their strategies are for weathering the storm.
Member Exclusive‘Math doesn’t add up’: Publishers still face tough choices
“Just salary cuts will at most bring the costs down by 10%, at most, I can guarantee,” one exec messaged me.