To general relief (and for some – deep frustration at wasted effort) the ICO softened their Cookie Law guidance last week around implied consent. Whether our fairly straight-forward approach on jisc.ac.uk is enough we’ll have to wait and see…
Becoming a cookie cutter
After an Attacat Cookie Audit we stripped out our more intrusive cookies*.
For us losing Disqus wasn’t a great loss with nearly all of our discussion happening off site. I can imagine other website owners couldn’t be so cheerfully ruthless though, and it seems surprising Disqus haven’t made things easier for them.
Consistent cookie information
We then added details of our cookies to the privacy page. Being big fans of sharing – much of our cookie guidance was adapted from the (fairly wonderful) gov.uk. They’d shared this under the Open Government License.
Earlier our very own digital sage, Brian Kelly, suggested the sector could adopt consistent wording for cookie guidance. With its friendly, accessible style, and neutral origin, perhaps the gov.uk text would be a good starting point?
Raised awareness & implied consent
With intrusive third-party cookies dealt with we felt confident in raising visitor awareness and then assuming consent.
The BBC went for a more noticeable message, but that only appears once:
John Lewis opted for a very tasteful ‘Privacy & cookies’ link on their header navigation:
Though the John Lewis link is discrete its permanence in such an important spot seems a shame. It may be well meaning but the link isn’t there because their visitors wanted it there – it’s statutory clutter.
Personally the BBC approach is most appealing to me. A genuinely eye-catching message to inform the visitor about cookies, which gets out of the way when they decide to ignore it. We might want visitors to care about cookies but if they aren’t interested the message should get out of their way.
Whether any of these approaches go far enough in the eyes of the ICO we’ll have to wait and see. It may well be that more intrusive third party cookies will require much more than implied consent. With the work on our new site coming along we’ll certainly be watching very carefully.
*We found addthis, embedded YouTube videos, and Disqus comments all dropped persistent cookies as users moved through our site, regardless of whether they interacted with the plug-ins. This sort of unexpected third-party tracking leaves a slightly bad taste in the mouth (take note twitter), and vindicates this renewed focus on cookies and privacy – however clumsily it may have been pursued.