This article is more than 1 year old

One in two punters don't mind cookie-spewing stalking ads

Survey: Do not track, or do if you want

Nearly half of UK internet users are happy for advertisers to track their online activity in order to deliver more targeted ads, according to new survey figures.

As many as 45 per cent of 2,001 internet users aged 16 or over said they were happy for advertisers to track their online behaviour in order to deliver personalised ads, according to the survey results published by trade body the Internet Advertising Bureau UK (IAB) and ValueClick, the online advertising network.

The internet users also said they generally prefer to see fewer adverts that are relevant to them than a higher number of ads of lesser relevance, with 59% supportive of that view.

Only 10% of internet users would be happy to pay for internet content they currently can access for free if advertising on those sites was removed, whilst nearly a third said they had made a purchase on the strength of an internet-placed ad, according to the survey report.

Of those surveyed 89% said they want to control their online privacy, but 28% said they were happy for internet businesses to store and share their personal data if those firms are transparent about the activity. Only 19% of internet users do not "actively take steps" to protect their online privacy, according to the survey results.

Half of the people surveyed said they had deleted 'cookies' in the past six months, while only 42 per cent said they were "happy" that the use of cookies did not infringe on their privacy. However, fewer than one in four people were aware of what a cookie is, with 36 per cent admitting they were "unaware" of them altogether.

Cookies are small text files that record internet users' online activity and store the information on a user's computer, but new EU laws say users should be given the choice whether they consent to websites tracking their behaviour.

Publishers and advertising networks use cookies to track user behaviour on websites in order to target adverts to individuals based on that behaviour.

The Internet Advertising Bureau (IAB) Europe has developed a voluntary code that requires businesses sign up to display an icon if they use adverts that track users' behaviour. If users click on the icon they are taken to a website that will enable them to switch off behavioural adverts delivered by companies that use the icon.

Under the voluntary code, website operators must also give users access to any easy method for turning off cookie-tracking on their own site, and must make it known to users that they collect data on them for behavioural advertising. Websites adhering to the rules also have to publish details of how they collect and use data, including whether personal or sensitive personal data is involved. Details of which advertisers or groups of advertisers they make the data available to also have to be published.

However, despite praise for the framework from EU Commissioner Neelie Kroes and the UK's Culture Minister Ed Vaizey, the IAB's voluntary code has drawn criticism from an EU privacy watchdog. The Article 29 Working Party, which is a committee made up of representatives from each of the EU member states' data protection authorities, has said that signing-up to the voluntary code was not sufficient to ensure website operators comply with new requirements for obtaining users' consent to cookies under EU laws.

The IAB has defended itself against the criticism by insisting that its framework was not designed to comply with those privacy laws but that it could be used alongside other methods in order to obtain consent.

Under the EU's Privacy and Electronic Communications Directive storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information ... about the purposes of the processing".

An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – so cookies can take a user from a product page to a checkout without the need for consent, for example.

Have you given 'informed consent'?

The Directive takes its definition of 'consent' from EU data protection laws, which state that consent must be "freely given, specific and informed". The new laws were implemented into UK law last May. The amended Privacy and Electronic Communications Regulations state that website owners must obtain "informed consent" to tracking users through cookies.

At the time that the new Regulations came into effect the Information Commissioner's Office – the UK's data protection watchdog – said that it would allow a year's grace in its enforcement action providing website operators worked towards complying with the new consent requirements. The ICO is due to begin its enforcement regime from 26 May.

A lack of an adequate technical solution within browser settings to enable user consent to cookies to be expressed was attributed by the ICO as the reason for the year's enforcement hiatus.

Subsequent developments have been made in the US towards the development of browser 'opt out' tools that would enable internet users to control what ads they receive.

In a separate initiative internet companies have been working alongside the World Wide Web Consortium (W3C) on a set mechanism for enabling users to opt out of being tracked across the internet. W3C is responsible for ensuring that web technology is based on an agreed set of technical standards.

Work on that project remains ongoing and aims to establish a 'do not track' standard that would prevent web companies tracking users in order to serve personalised content as well as targeted ads.

Last summer Neelie Kroes warned internet companies that she would "not hesitate to employ all available means to ensure our citizens' right to privacy" if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012.

The ICO has issued non-prescriptive guidance on how website operators can meet the new consent requirements whilst they await the developments in browser settings.

The alternative methods for obtaining user consent include using 'pop-up' prompts on users' screens that ask for consent to cookies when the individuals access web pages. Consent can also be obtained by using terms of use or terms and conditions that ask for consent from users when they first register or sign-up to websites.

Consent can also be gleaned from preferences that users choose when visiting a website. Website features, such as videos, that remember how users personalise their interaction can also determine user consent.

Website operators can also elect to display text at either the top or bottom of web pages that asks for consent and links through to more detailed explanation about their use of cookies.

The ICO has left it up to individual operators to determine what methods to choose.

Last month the watchdog said that it is "highly unlikely" to take action against the users of data analytics cookies on websites if they fall foul of new EU rules on cookie consent under its imminent new enforcement regime. Most sites use cookies to measure the number of users of their site and how they use it. These are data analytics cookies.

The ICO is due to host a press briefing on 18 May where further detail about the way the watchdog is planning to enforce the new laws are likely to emerge.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

More about

More about

More about

TIP US OFF

Send us news


Other stories you might like