A clear approach that enables consumers to opt-in upfront is perhaps the most logical route for brands to take. However, as the ICO site saw its traffic drop 90% when it first introduced the opt-in banner, it is sensible for brands to also consider an auto opt-in approach.
An auto opt-in approach means that whilst consumers are given the tools to opt out of having a cookie placed on their machine, they are automatically tracked from the moment they hit your site.
Both an automatic opt-in and opt-out approach are viable options. The question brands should be asking themselves is ‘Am I providing my customers with the opportunity to provide their consent?’
Of course, if you operate internationally, you will also need to understand how your approach will play out when the directive is enforced in new countries. The UK is leading in introducing the cookie law but all 27 member states of the EU are planning implementation of their own laws. The US Congress is also looking at introducing a similar e-Privacy directive. From a legal perspective, brands should start by adhering to the UK law and then take market specific legal guidance as the directive is introduced as law into each new market.
In focusing on complying with the UK law, don’t focus on the financial punishment for missing the deadline. The ICO is unlikely to administer the maximum fine of £500,000 to just anyone. In fact, whilst the ICO may seem to have been harsh in its handling of the directive’s introduction and enforcement so far, it has provided a more flexible non-prescriptive approach for UK websites than its counterparts in the EU look set to offer.
As a UK brand, embrace the flexibility on offer to find an approach that enables your customers to easily provide their consent. Get it right in the UK and no matter what territory you expand into you will be on (and stay on) the front foot.