Skip to content
Jan 16 / Nathan Levi

How will the EU cookie directive impact the digital media industry?

What’s the EU cookie directive I hear you ask? And who cares about biscuits (something my mum might ask)? In simple terms this new law which will come into force in May will require all websites to ask their ‘visitors’ if they can store information about them. For those of you whom I might be confusing I’ll play this out in real life. When you’re browsing a website, information will be stored as a text file (a cookie) on your computer so it can remember who you are. This is important for instance if you are filling out a form and make a mistake. The website will remember everything you’ve entered so that when you refresh the browser it doesn’t force you to have to enter all your information again. Cookies make your web experience a lot more practical and seamless. Without them you would find using the internet a pain in the derrière.

So what’s the issue with this I hear you ask? And are the biscuits gluten free I hear my mum echo? (okay okay, I’ll stop with the rabble). Well this isn’t really what people are getting flustered about. Websites also collect data so they can re-target you with advertising. For example, if you happen to be browsing for a flight or a hotel somewhere, the travel website you’re on will store this data and send you advertising when you’re on another website telling you to pay for the bloody trip to Malaga that you’ve been scouting for the last few weeks. This might be annoying to some and very useful to others. And herein lies the conundrum for advertisers. We don’t want to upset those who don’t want to be re-targeted, but we do want to find people who might need reminding that a trip to Malaga is much much cheaper than our competitors (why I’ve chosen Malaga as an example destination I’ll never know, I’ve not been there myself, I hear it’s quite boozy).

Adding to this already complex affair, many media technology companies are collecting data around the web and selling this to advertisers so they can target existing or new consumers (these are often called 3rd party cookies, where a website is allowing another company to collect data on its behalf). What this means in real terms is that when you visit The Sun website for instance, and are reading about Jordan’s new face lift, you might be categorized as somebody who is interested in plastic surgery. This media company will then sell this data so that advertisers can send you advertising telling you that cheek implants would really help sort out your love life (I kid of course). This is called ‘behavioural targeting’ at ‘digital media HQ’.  These same media technology companies are not only collecting online data but also offline data from the likes of Experian. They can therefore match your offline purchasing habits to your online behaviour, and hey presto, you’re seeing gambling adverts based on the fact that you spend a hell of a lot of money on lottery scratch cards (I’ve got to stop buying those pesky ‘Rich for Life’ ones which look so shiny).

People have therefore become weary about how much data is being collected and what is being done with it. The fact of the matter is that the web wouldn’t work without cookies. However, there is a feeling that consumers should be given the choice as to whether their data is collected or not. The EU directive will mean you will be seeing prompts on websites or in online adverts  asking you if you would like to switch off cookie targeting. You can easily delete cookies from your PC now with a few simple clicks. However, this needs to be done on a regular basis. People invariably forget or choose not to do this. There are also many tools out there which you can download (Ghostery being one) which tell you who is collecting your data.

My feeling is that having prompts on all websites and adverts will interfere with our online experience. It should be made easy for us to opt out of targeted advertising without having to do so each time we visit a website or see an ad for plastic surgery (I dread to think what categories I’ve been labelled with).

Agencies have a duty of care to protect their clients from being caught out by the cookie directive. This means firstly auditing the data they are collecting and who is collecting it. It means making sure all the publishers you are negotiating with on behalf of your client are compliant. It means presenting clients with best and worst case scenarios with regards to their marketing efforts and advising them on a best practice approach which is both compliant and consumer friendly. It means helping your client understand exactly what data is being collected on their behalf and its level of ‘intrusion’.

I really don’t believe like other cynics* that this will mean the end for behavioural targeting online. The government has clearly stated that they want a ‘business friendly’** approach. Ultimately consumers want transparency and if we can provide that whilst providing a richer online experience we should all be happy. I shall remain optimistic (for once!)




How will the EU cookie directive impact the digital media industry? online media eu cookie directive Digital media digital marketing


leave a comment
  1. Charlotte Haeger / Jan 18 2012


    We have been looking into this issue for quite some time now and have had similar reflections around the Cookie Law as you. After discussing this between us we came up with an solution, have a look

    Please contact me on my email and we can discuss this further

    Best Regards

  2. Chris Peckham / Jan 24 2012

    Thanks for your article Nathan – I think you are right that we have concerns about what data is collected about us, and how it is used.

    I’m a web developer and it is interesting to see some of the proposed compliance solutions that are only just starting to appear (like the Cookie Law one above, or Civic UK’s Cookie Control ( Although the UK Government would like a “business friendly” approach, compliance with the law introduces complexities that can be glossed over until actual implementations are investigated, which I think is what we are seeing in this first generation of compliance tools.

    Remembering that the Cookie Directive is opt-in, I have only seen compliance implementations that offer an all-or-nothing choice. A freedom of information request to the ICO showed that visits tracked with cookies dropped by 90% when the ICO implemented this approach on their own site. It is fairly easy to understand why, and it is difficult to see how this will not have a significant effect upon, amongst other things, behavioural targetting online.

    The International Chamber of Commerce UK Cookie Guide stresses the importance of a common vocabulary and categorisation for describing cookies and their uses. As the number of web sites that comply with the Directive increases, we will be presented each time with some kind of opt-in, and without a consistency of presentation, this will become very tiresome. Client side privacy plugins such as Ghostery unify this kind of thing for the major trackers, and also allow me to review my choices. The Cookie Directive requires server side privacy, which is no privacy when outside of the jurisdiction of the EU. The opt-in is one-time (first time) and on shared clients (a web browser used by a family, for example), subsequent visitors will be unaware of the choices made by the original consenter. Since privacy choices are recorded on each individual web server, there is no way to review this choice once made (we can inspect the cookie, but we don’t know what it means), and there is no provision in the Directive for ‘reminders’.

    I’m not optimistic about the current approach and I think we can be sure to see some big changes as we grapple with these issues. I believe that a technical solution is needed, along the lines of P3P:

    • Nathan Levi / Jan 24 2012

      Thanks for your comments Chris. Especially your observations privacy choices and the restrictions around this. I haven’t looked at this area in detail yet.

Leave a Comment