CEO | TRUSTe
In an hour the EU Cookie Directive will go into effect in the UK, requiring companies to have a user’s informed consent to store or access information (like cookies or web beacons) on their digital devices. Earlier in the week we turned on a solution addressing the Directive on our own website in the EU. It’s an implied consent implementation that users outside of the EU can view at www.truste.co.uk (pictured in the screenshot below). We’re also working with hundreds of other companies to help them address the Directive in the UK and greater EU as well.
Today the UK ICO released updated advice and guidance around the Directive, which notably included an endorsement for implied consent as a valid form of consent (provided users are aware of it). As I noted in a previous post, EU member states have adopted varying consent standards around the Directive, which means companies will need to remain flexible in their approach to addressing this law across the EU. What works in the UK will not necessarily work in France or the Netherlands.
At TRUSTe we conducted a good deal of consumer and industry research leading up to the implementation deadline in the UK. In March we released a survey that found a high degree of privacy concern (90%) among U.K. adults. In April, we published the results of our research into the privacy and tracking practices of top UK websites. We found that the average website has 14 individual trackers per page and that more than two-thirds come from unaffiliated third parties and nearly half are persistent and remain even after the user has left the site. Finally, this week we published a survey around UK consumer awareness and attitudes toward the Cookie Directive. We were surprised to learn that only 1 in 4 UK adults was aware of the May 26th compliance deadline. Those individuals who were aware of the deadline, however, had strong opinions: 78% expected companies to comply with the Directive and more than half said they plan to avoid websites who do not comply.
We’re encouraged by the compliance momentum we’ve seen first-hand in the market. Companies who have not taken steps to comply in the UK should get started as soon as possible. The worst thing a company can do right now is nothing. It’s game time in the UK and your company should come prepared to play.