Saturday 28 May 2011
Who's watching you
Increasingly, retailers see the need to have a web presence in addition to a bricks-and-mortar store. Some retailers only have a web presence. Most, if not all, businesses that have a presence on the web use html or 'flash cookies'.
Local Shared Objects (LSO), commonly called flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. While websites may use flash cookies for purposes such as storing user preferences, there have been privacy concerns regarding their use.
Cookies, therefore, provide those that use them with a significant amount of valuable intel which can be segmented and used to target consumers about products and services they are interested in. The information gathered can also provide insights for a retailer in how to structure their website and drive traffic through to the order page.
Some controversy has recently arisen regarding flash cookies because of not only how they are used, but also the difficulty in deleting them from a computer. There have also been some assertions made that flash cookies are used in some websites as hidden backups, so that they can revive HTTP cookies when a user deletes them.
Privacy laws in both countries prohibit the collection of data by cookies or other means where the information collected identifies a particular individual or - when pieced together with other available information - identifies an individual, without informed consent. In that context, it's not just New Zealand law that is relevant but also the law in the country of the person whose data you are collecting. The collection of personal information needs to comply with privacy laws in the user's country.
As the web is borderless, retailers can therefore, without even being consciously aware of it, reach consumers in far-flung places. This has the potential to increase the compliance issues for that retailer, particularly around privacy and the collection and storage of personal information.
Cookie use has, however, come under the spotlight internationally, along with its cousin 'targeted marketing'. There is a feeling by some that Internet users need to be protected from unwarranted observation of their on-line activities. Legislative changes and private legal action to protect consumers' privacy are currently under way in the European Union and the US.
To regulate cookie use, the European Commission has issued a directive requiring all 20 EU member states to pass national laws requiring user 'opt in' consent before a website can send a cookie. The only exception is where the cookie only helps provide a service that the user has asked for (such as remembering the contents of a shopping cart while the user clicks through a website). So far, only seven EU members - including the UK- have passed national laws as required. But the European Commission has started legal action against the remaining member states to force them to pass laws in accordance with the directive.
In the UK, the new law provides a maximum fine of £500,000 for serious breaches of the 'opt in' approach - and it's only a matter of time before someone is prosecuted.
Closer to home, the Australian Privacy Commissioner has advised that Australian privacy law is under review and the Commission is watching the EU approach with interest. But it looks unlikely that any specific control of cookie use in New Zealand or Australia is imminent.
What the above means is that if your website is aimed at New Zealand and Australian users only, then nothing has changed. There are no specific rules around cookie use, but you need to ensure you comply with privacy laws. However, if your site is directed at the European Union or the US, the rules around cookie use are changing. In the European Union you are likely to need to have users opt in before you can send them a cookie.
More broadly, this change in how cookies are treated in the European Union and the lawsuits involving flash cookie use in the US are a timely reminder that you need to comply with national laws in the countries at which your business is aimed.
An edited version of this article was published in NZRetail magazine, issue 700.