Cookie Policy and how to comply with current EU E-privacy standards

What happens to online personalization if cookie policy makes more customers opt-out?

Well, not necessarily much. Sure, it might take some active marketing and communication, but having a premium user experience at the end of the tunnel, will help you sway cookie skeptics.

Towards the end of 2019 the Danish Business Authority released their updated guidelines for the use of cookies on websites. The guidelines elaborate on the 2002 EU Directive on privacy and electronic communications – 32002L0058 and were recently superseded by The Danish Data Protection Agency’s verdict in a case regarding explicit consent to sharing GDPR-regulated data with third parties.

The guidelines now state that consumers must actively opt-in to specific types of cookies. Normally website cookies are divided into four groups; Technical (necessary), Functional, Statistics, and Marketing, often there’s also an Unclassified category for edge case or non-categorized cookies.

Technically necessary cookies do not require user consent in order to be applied. These cookies could be for storing cart information or support payment options. Anything else must be divided into other groups, allowing the user to opt-in at a group level.

We believe that this new, strict interpretation of the EU directive, essentially actively forbidding auto-enabled cookies may cause many website users to opt-out of all non-essential cookies. This of course pose some potential problems for e-commerce companies, for whom personalized content, based on cookie information, is a major part of the customer journey as all personalization cookies will be disabled at default.

Third-party cookies are out

Some browsers, like Safari and Firefox, block third party cookies as standard already. Google Chrome will phase out third party cookie support within the next two years.

Legal versus operational

Since GDPR was put into effect, some may have acted to comply out of fear of legal consequences. But successful GDPR-compliance requires taking a deep dive into the company’s operations, and spend the time evaluating each case where personal user-data is stored or used. GDPR isn’t a legal issue, even if lawyers make good money on framing it as such, it’s a framework designed to protect ordinary people and by doing that it forces businesses and organizations to asses exactly which types of data they need from users and customers, as well as what exactly they need the data for.

Now GDPR poses an operational challenge to using cookies, and every organization should make a careful assessment of what exactly they need cookies for. Ad-services are already trying to mitigate the consequences of third-party cookie-blocks, and all website owners should be preparing for this new normal. This could be the time to begin changing the organizational approach to user tracking and personalization.

Now what?

Our initial fear was a massive reduction in cookie consent on websites that implemented the new standards.

Data privacy activists are fighting harder than ever to disempower companies utilizing digital user data. Companies, however, still rely on such data to get an edge in the competition for customers attention. Losing not only third-party cookie-support, but in the worst case all non-technically necessary cookies to the new requirements for cookie-consent pose a serious problem for E-commerce businesses and news sites. However, preliminary data shows little to no change at all in user behavior; people still accept cookies, even on websites where opt-out is as easy and present as opt-in.

That should calm the nerves of many website owners. It’s still worth, though, taking an in-depth look at how you use cookies.

To maintain high quality personalization here are some things to consider:

Convince users to opt-in to personalization cookies

Transparent and honest communication about how exactly the customer benefits from this specific type of cookies. Better, personalized product suggestions, more relevant search results, and, though many consumers might dislike retargeting, higher quality ads on the web.

For this approach to work, it’s important to ensure Raptors cookies are categorized correctly in the cookie-selection popup. Raptors cookies are functional cookies for personalization, not marketing. That’s an essential distinction, as early data from Raptor-users indicate users are more likely to reject marketing-cookies.

Implement a stronger soft–login strategy

Once users are registered, it’s a lot easier keeping track of individual behavior and preferences. In B2B-context, walled e-commerce stores are common, but B2C shops normally wish to keep their storefronts as open as possible. To accommodate both an open store front as well as getting more registered users, one option is an incentive or loyalty program. A cash discount could be one option, but other types of offers focusing on the added customer value for returning users, might entice them to stay logged in.

Raptor can use other cookies than our own for personalization purposes. A soft login is ideal because it ties directly to a known user and can be used across devices.

Target untracked users with enterprise-level personalization