One in two punters don't mind cookie-spewing stalking ads

Survey: Do not track, or do if you want

Nearly half of UK internet users are happy for advertisers to track their online activity in order to deliver more targeted ads, according to new survey figures.

As many as 45 per cent of 2,001 internet users aged 16 or over said they were happy for advertisers to track their online behaviour in order to deliver personalised ads, according to the survey results published by trade body the Internet Advertising Bureau UK (IAB) and ValueClick, the online advertising network.

The internet users also said they generally prefer to see fewer adverts that are relevant to them than a higher number of ads of lesser relevance, with 59% supportive of that view.

Only 10% of internet users would be happy to pay for internet content they currently can access for free if advertising on those sites was removed, whilst nearly a third said they had made a purchase on the strength of an internet-placed ad, according to the survey report.

Of those surveyed 89% said they want to control their online privacy, but 28% said they were happy for internet businesses to store and share their personal data if those firms are transparent about the activity. Only 19% of internet users do not "actively take steps" to protect their online privacy, according to the survey results.

Half of the people surveyed said they had deleted 'cookies' in the past six months, while only 42 per cent said they were "happy" that the use of cookies did not infringe on their privacy. However, fewer than one in four people were aware of what a cookie is, with 36 per cent admitting they were "unaware" of them altogether.

Cookies are small text files that record internet users' online activity and store the information on a user's computer, but new EU laws say users should be given the choice whether they consent to websites tracking their behaviour.

Publishers and advertising networks use cookies to track user behaviour on websites in order to target adverts to individuals based on that behaviour.

The Internet Advertising Bureau (IAB) Europe has developed a voluntary code that requires businesses sign up to display an icon if they use adverts that track users' behaviour. If users click on the icon they are taken to a website that will enable them to switch off behavioural adverts delivered by companies that use the icon.

Under the voluntary code, website operators must also give users access to any easy method for turning off cookie-tracking on their own site, and must make it known to users that they collect data on them for behavioural advertising. Websites adhering to the rules also have to publish details of how they collect and use data, including whether personal or sensitive personal data is involved. Details of which advertisers or groups of advertisers they make the data available to also have to be published.

However, despite praise for the framework from EU Commissioner Neelie Kroes and the UK's Culture Minister Ed Vaizey, the IAB's voluntary code has drawn criticism from an EU privacy watchdog. The Article 29 Working Party, which is a committee made up of representatives from each of the EU member states' data protection authorities, has said that signing-up to the voluntary code was not sufficient to ensure website operators comply with new requirements for obtaining users' consent to cookies under EU laws.

The IAB has defended itself against the criticism by insisting that its framework was not designed to comply with those privacy laws but that it could be used alongside other methods in order to obtain consent.

Under the EU's Privacy and Electronic Communications Directive storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information ... about the purposes of the processing".

An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – so cookies can take a user from a product page to a checkout without the need for consent, for example.

Have you given 'informed consent'?

The Directive takes its definition of 'consent' from EU data protection laws, which state that consent must be "freely given, specific and informed". The new laws were implemented into UK law last May. The amended Privacy and Electronic Communications Regulations state that website owners must obtain "informed consent" to tracking users through cookies.

At the time that the new Regulations came into effect the Information Commissioner's Office – the UK's data protection watchdog – said that it would allow a year's grace in its enforcement action providing website operators worked towards complying with the new consent requirements. The ICO is due to begin its enforcement regime from 26 May.

A lack of an adequate technical solution within browser settings to enable user consent to cookies to be expressed was attributed by the ICO as the reason for the year's enforcement hiatus.

Subsequent developments have been made in the US towards the development of browser 'opt out' tools that would enable internet users to control what ads they receive.

In a separate initiative internet companies have been working alongside the World Wide Web Consortium (W3C) on a set mechanism for enabling users to opt out of being tracked across the internet. W3C is responsible for ensuring that web technology is based on an agreed set of technical standards.

Work on that project remains ongoing and aims to establish a 'do not track' standard that would prevent web companies tracking users in order to serve personalised content as well as targeted ads.

Last summer Neelie Kroes warned internet companies that she would "not hesitate to employ all available means to ensure our citizens' right to privacy" if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012.

The ICO has issued non-prescriptive guidance on how website operators can meet the new consent requirements whilst they await the developments in browser settings.

The alternative methods for obtaining user consent include using 'pop-up' prompts on users' screens that ask for consent to cookies when the individuals access web pages. Consent can also be obtained by using terms of use or terms and conditions that ask for consent from users when they first register or sign-up to websites.

Consent can also be gleaned from preferences that users choose when visiting a website. Website features, such as videos, that remember how users personalise their interaction can also determine user consent.

Website operators can also elect to display text at either the top or bottom of web pages that asks for consent and links through to more detailed explanation about their use of cookies.

The ICO has left it up to individual operators to determine what methods to choose.

Last month the watchdog said that it is "highly unlikely" to take action against the users of data analytics cookies on websites if they fall foul of new EU rules on cookie consent under its imminent new enforcement regime. Most sites use cookies to measure the number of users of their site and how they use it. These are data analytics cookies.

The ICO is due to host a press briefing on 18 May where further detail about the way the watchdog is planning to enforce the new laws are likely to emerge.

Copyright © 2012, is part of international law firm Pinsent Masons.

Similar topics

Other stories you might like

  • Minimal, systemd-free Alpine Linux releases version 3.16
    A widespread distro that many of its users don't even know they have

    Version 3.16.0 of Alpine Linux is out – one of the most significant of the many lightweight distros.

    Version 3.16.0 is worth a look, especially if you want to broaden your skills.

    Alpine is interesting because it's not just another me-too distro. It bucks a lot of the trends in modern Linux, and while it's not the easiest to set up, it's a great deal easier to get it working than it was a few releases ago.

    Continue reading
  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Slack-for-engineers Mattermost on open source and data sovereignty
    Control and access are becoming a hot button for orgs

    Interview "It's our data, it's our intellectual property. Being able to migrate it out those systems is near impossible... It was a real frustration for us."

    These were the words of communication and collaboration platform Mattermost's founder and CTO, Corey Hulen, speaking to The Register about open source, sovereignty and audio bridges.

    "Some of the history of Mattermost is exactly that problem," says Hulen of the issue of closed source software. "We were using proprietary tools – we were not a collaboration platform before, we were a games company before – [and] we were extremely frustrated because we couldn't get our intellectual property out of those systems..."

    Continue reading

Biting the hand that feeds IT © 1998–2022