For the digital marketing community, preparation for enforcement of the ePrivacy directive is taking on the narrative of the Y2K crisis. Back in the 1990s, many companies stood by, waiting for it to disappear. Somewhere along the line, experts began to break through, convincing management that action needed to be taken to avoid disaster. The final months leading up to the deadline became a mad scramble.
Fortunately for UK and EU digital marketers, the 25 May is a legal deadline, not a potential collapse of the global computing system. But, if the industry doesn't take serious action, the eventual impact could be almost as catastrophic. Compliance with the ePrivacy directive illustrates an important connection between privacy, website performance and security.
In this three part series, we'll illustrate how iMedia Connection is approaching compliance for the iMedia site, and the broader business implications of it.
Step one: Understand all of the tracking on your siteThe ICO and CNIL (the French DPA) have both listed a comprehensive tracking audit as your first step, even before you worry about consent. Having this process in place will also buy you some time should a regulator come knocking. That is especially important for any marketer that is not overly eager to introduce radical new “prior consent interfaces" (e.g. opt-in) to its site. Doing this analysis right is a lot more than just a "cookie audit". Much of the tracking covered by the directive doesn't use cookies at all. You need to identify all of the tracking code that is firing on your sites to comply, and to understand the impact on your website's performance.
We used the Evidon Encompass platform to set up a comprehensive overview and ongoing monitoring of tracking activity including tags, cookies, and flash objects, covering both first and third parties. Encompass combines information gathered from the program, 'Ghostery', including 1.6 million active weekly user human panel, combined with data from a cloud-based web scanning system for the most comprehensive view available in the market.
The resultsEvidon Encompass revealed that 18 companies were tracking consumers on the iMedia site, in addition to iMedia itself as a first party. Those 18 companies were using a combination of 20 different unique tags, with Google using three and the others using one each. Two things jumped out:
1. The scope of companies tracking consumers on the site
2. How much of the tracking was coming from Google and Omniture
When tracking activity was organised by purpose, iMedia found that all but five tags were ad related. The exceptions were Omniture, Clicky, Google Analytics, LinkedIn, and Twitter. We'll see in part two, "Planning a consent strategy", where this distinction becomes important.
Ad-related tracking can often produce a range of ad networks and other companies that track the consumer, many of whom use cookies. The 13 ad-related companies that appear on iMedia are more dynamic and challenging to isolate, but knowing and disclosing all of these tags is a requirement for compliance with the directive.
Drilling into the Google tags, the Google "Custom Search Engine Tag" was by far the most prevalent, despite 'Google +1' tags making occasional appearances. This was reassuring, as the two tags that consumers are seeing with regularity across the site, a Google search engine tag (which you can see embedded in every page on the upper right) and iMedia's analytics provider, Omniture, were expected and are not seen as particularly intrusive by the ICO.
Next steps: Consent strategy, improved performance and security
The reaction from iMedia was consistent with our experience with sites large and small. Relief that there was real clarity into what's going on, coupled with broader business concerns.
Armed with complete knowledge of the tracking activity on its site, iMedia can now prepare a consent strategy. Different types of tracking can require different levels of consent, particularly for companies conducting business in jurisdictions where the directive is being interpreted conservatively. Balancing that consent with keeping the site easy to use can be a challenge.
Fortunately, iMedia has already lowered its risk profile by executing on the first request of the ICO and demonstrating its commitment to "the path of compliance".
The other big take-away from this analysis was the business impact of what all these companies are doing on iMedia and whether or not iMedia should allow them to remain. To help iMedia through the analysis, Evidon will provide answers to other key questions like:
• What business are these companies in? How are they using my data?
• Where did they appear on my site?
• Are these tags adding latency to my site that affects time spent, SEO and conversions?
• How much better or worse does my site compare to my peers' sites?
Next up! We'll walk through different consent options for the iMedia site and how to address different requirements for different trackers and countries.
Colin O'Malley is CSO at Evidon
