INside Performance Marketing
Top 50 Industry Players from 2017
E-Privacy Directive state of play - Q&A

E-Privacy Directive state of play - Q&A


Our recent survey showed affiliates still aren't implementing a cookie solution, is the performance channel naive to internet legislation?

In the two or three years building up to the enforcement of the cookie regulations, there was quite a lot of discussion about what its implications would be for performance marketing. I think that most affiliates are aware of the regulations so in that respect, no, I don't think the performance channel is naive. However, there is less of an understanding of how to actually go about to complying.

The ICO has previously said that it is not yet known what proper compliance looks like and that it is up to industry to devise different methods of getting informed consent from visitors. The ICO will then decide which of those methods constitute compliance. The result is a chicken-and-egg situation: affiliates are looking to the ICO for a better understanding of appropriate compliance measures, while the ICO are looking to industry for examples of compliance to consider.

Affiliates are in a tricky situation. All sensible affiliates will be taking steps to get compliant, but no affiliate would want to put itself at a competitive disadvantage by implementing solutions which impact negatively on user experience. I understand that most of the affiliates and website operators which are not complying with the cookie regulations are waiting to see what their competitors are doing and how the ICO will react.

Will it take some firm-handed action by the ICO before affiliates take compliance seriously?

EJ: All laws need some kind of enforcement, so generally speaking I would say yes. Most affiliates already take compliance seriously, but some will need the threat of enforcement to focus their attention.

If the ICO start to issue fines and public censures heavy-handedly, affiliates will be more likely to err on the side of caution when getting informed consent to the use of cookies. It could force affiliates to implement dogmatic solutions which guarantee strict compliance, rather than appropriate solutions which satisfy the objective of the cookie regulations - protecting visitors' privacy. However, I don't expect the ICO to be issuing fines to affiliates who have taken steps, albeit unsuccessfully, towards compliance. I expect the ICO will save any firm-handed action for repeated and flagrant breaches.

Should the ICO be shouldering the blame for not being ready (according to reports) to probe cookie complaints?

EJ: If the reports are true and the ICO are not ready to probe cookie complaints then I think the ICO should shoulder the blame. It is, after all, the ICO’s responsibility.

I understand that the ICO is not intending to respond to individual complaints. Instead, the ICO will be taking action against websites which are subject of a number of complaints. This seems like a sensible approach, but implementing this strategy would mean waiting for a decent number of complaints to be received. It was therefore probably not necessary for the ICO to have a full team in place the day after enforcement started.

Overall, would you say the cookie legislation has been successful?

EJ: It is still early days but I would say it has been successful - the majority of the most visited websites now ask visitors whether it is OK to drop a cookie, or at least let visitors know this is happening. In that sense, the public have much more power to manage cookies, even if there are still a fair amount of websites which are not compliant.

However, I think there are some gaps in the application of the cookie regulations. For example, the cookie regulations are not enforceable by the ICO against foreign businesses, even if their websites target UK visitors. This means that the UK public is getting less protection, while UK affiliates are put at a disadvantage by having to comply with regulations which do not apply to their foreign competitors.

What do you think the ICO should've done differently?

EJ: I would like to have seen more explicit practical guidance from the ICO on how best to comply. Some of the guidance posed more questions than it answered and most recommendations were subject to a number of caveats, which stopped those recommendations being really useful.

I also think the ICO could have timed its guidance better. Delaying enforcement was a great move by the ICO, but the guidance issued during that period was sometimes provided so late that it was difficult to respond in the timescales available.

Have we now heard the last of the E-Privacy Directive?

EJ: No. This is the beginning, and I think it will take a little while for the ICO and industry to find its feet when it comes to compliance. Over the next few months, it will be interesting to hear what types of complaints the ICO has been receiving from the public and what kind of breaches the ICO takes action against. This will better enable the performance marketing sector to fine-tune its compliance solutions. This information will no doubt cause some affiliates to do more to get compliant, while others will find they are actually able to do less and remain compliant.

As time passes, the public will become more aware of cookies. This will make informed consent easier to obtain, so consent solutions can be made less conspicuous while still satisfying the requirements of the regulations.

Continue the conversation

Got a question or comment – tweet Simon simonnholland or comment on Twitter, Facebook or LinkedIN.

Simon Holland

Simon Holland

Simon is the news and research reporter at Existem. Previously a technology journalist, he now spends his time investigating both future and developing trends in performance marketing whilst producing editorial content for

Read more from Simon

You may also like…