ICO Cookie Monster Strikes Tomorrow

Friday, May 25th, 2012

May 25, 2012

On May 26, 2011, a new web privacy law came into effect in the United Kingdom (UK). The UK was first of the 27 European Union (EU) states to bring their laws in line with the directive intended to protect the privacy of individuals within the EU. With an understanding that there is work to be done and technical issues to resolve, the UK Government extended a one-year grace period for web sites to comply with the new regulations.

Well, the time as come! Effective tomorrow, the grace period is over and the Information Commissioners Office (ICO) will be authorized to impose fines of up to £500,000 — heavy!. In theory, all web sites that serve UK visitors would be subject to this legislation. In reality however, it will be very hard to pursue a case against companies with no legal presence in the EU.

While a few organizations may be looking to leverage web server locations as a scapegoat, it is the location of the legal entities that the enforcement agencies will be focused on– the web host locations won’t matter. There are many types of cookies and forms of consent, so the rules can get pretty complicated. So before you decide to cuddle with the cookie monster, consider that he can complicate your life and confine your business. For example, the legislation does not require consent for cookies to be used in situations defined as ‘strictly necessary’ — but what does that mean? As currently clarified, if a user has placed an order online, then it’s implied by the user’s initial request that permission be granted without further consent to interfere with the transaction. This is just one example of an exemption to the consent requirement, and there are likely to be many more as the battle continues. Very few precedents have been set, so it will be interesting to watch the progression in Europe — and to compare and contrast with the ‘Do Not Track’ agendas in the United States.

To further complicate the legislative implications, take a peek at the definition of “Consent” as noted in the Open letter on the UK implementation of Article 5(3) of the e-Privacy Directive on cookies: “Consent” is defined in the Data Protection Directive as “any freely given specific and informed indication of his wishes.” Note that there are no time constraints associated with this definition, and no specification that the consent must be “prior consent”. Therefore, it is possible that consent may be given after or during processing.

While a few of us may start to feel better about our online privacy, and I’d expect virtually none from the online marketing communities, this legislation has negative implications. The efforts required to acquire informed consent on the use of cookies are likely to be costly for web site owners and businesses. Non-compliant web site owners will have an advantage as well, because their users will not be faced with questions that interfere with their browsing and buying activities.

Is the EU agenda overkill? Why can’t we just rely on innovative solutions that work with our browsers, like Ghostery for instance, to give us better insight and control?

To learn more about online behavioral advertising using cookies, take a look at the video below from Christina Tsuei at The Wall Street Journal. This was created back in 2010, but still very relevant and helpful for understanding how cookies work.

The best kept secret in marketing?

Tuesday, September 8th, 2009

I know of this website that gives you access to every mailing list on the market from every vendor – all in one place. Some pay $50+ to get its location, but I give it to you here for free…

The best kept secret in marketing

NextMark's mailing lists search tool (on the web at is a free marketing tool that has been described as "the best kept secret in marketing."

Why is this website a secret? In truth, it's not.

In fact, google "buy mailing lists" and you'll find it right there at the top of the most relevant results. But most marketers don't realize that an index of mailing lists exists and don't even bother trying to find it.

I've learned of enterprising individuals exploiting this knowledge gap and charging $50 or more to reveal this "secret tool" to you. I've looked into this scheme and there's nothing technically illegal about it, but it seems wrong to have to pay money to get a web address.

Please spread the word that the mailing lists search tool is free and available to any marketer who is looking for mailing lists.

Spammers and porn sites team up to beat CAPTCHA

Tuesday, July 17th, 2007

I was just reading an interesting article The Human Advantage in the July 07 of Wired Magazine.  The story is about this computer genius Luis von Ahn who has developed various ways for humans to assist computers.  One of von Ahn’s inventions is the CAPTCHA — it’s that distorted text box that you see when you register for a new free email account and on other forms.  CAPTCHA is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart."  The goal of CAPTCHA is to prevent spambots and other evilbots from registering on these forms and wreaking havoc.  Since computers have a really tough time figuring out these puzzles, it is a very effective shield.

But it turns out the spammers were not totally thwarted.  They turned to their friends who run porn sites and they made a deal… the porn sites offered free porn to its human users in return for solving CAPTCHA puzzles passed over from the spammers.  So, the spambot encounters a CAPTCHA passes it to the porn site who presents it to the user who solves the puzzle and sends the answer back to the spambot who enters the answer and then wreaks its havoc.

Very creative.  What if these guys used their creativity for good?  The world would be a much better place.