Gone are the days of simply hooking Google Analytics to your website or ecommerce shop. Equally no longer may you infer consent from the users continued use of your website.
Consent must be freely given, an informed decision based on clear and specific knowledge. We would also suggest that it is obtained and managed using a dedicated solution rather than a DIY one or directing your users to cookie management articles on their chosen web browsers.
Requirements of Cookie Consent
To answer this, let’s review what the Information Commissioners Office (ICO) has to say about consent.
The Privacy and Electronic Communications Regulations (PECR) requires that users give consent to cookies being places or used on their devices but does not clearly define consent. Neither does the ePrivacy directive, just to add confusion, however Article 4(11) of the UK GDPR states: -
"‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
In fact, the UK requirements are not clearly laid out in once place and so it is good practice to derive them from the EU’s General Data Protection Regulations (GDPR) and they are paraphrased as: -
- Use an opt-in approach by including a button for the user accept cookies.
- Provide detailed information about each cookie and their use, so the users are well informed.
- Alert users to where cookies are shared with 3rd parties. Do this through the detailed information.
- Give uses a choice to reject all cookies and/or a link to each cookie classification with a choice to permit or deny.
How can cookie consent impact analytics?
Given these clear requirements we recommend using a vendor-based cookie consent solution, one that will easily handle the legal requirements and at the same time offers a great and customisable user experience.
There are many on the market, we recommend OneTrust Cookie Consent, and they will all classify all cookies found into 3 or more cookie types: -
- Necessary – required to enable the website to operate, will not contain any PII or inferred PII data and cannot be blocked.
- Functional – enhances the operation of the website, will not contain any PII or inferred PII data but can be blocked, in which case elements of the website will degrade or cease operating.
- Marketing – cookies used by either 1st party or 3rd parties to measure or track user behaviour. May contain PII data or inferred PII data but can be blocked.
Most vendor-based cookie consent solutions will further breakdown the marketing cookie classifications, for example OneTrust adds the following:
- Performance – analytics and telemetric cookies used by either 1st or 3rd parties, such as Google and Adobe Analytics.
- Targeting – cookies used by either 1st or 3rd parties to track individuals to help with advertising, such as remarketing.
- Social – usually set by Social Media platforms when users view or use embedded media on your website.
Hypothetically, handing finite control to users and clearly highlighting and defining what cookies and their purpose, could see an increase in the opt-out rate of performance cookies and thus a degradation in website analytics.
Implementing cookie consent and maintaining a high yield in analytics
It is possible to be compliant whilst maintaining a high level of analytic performance. The approach being two-fold: -
Most cookie consent solutions are capable of screening which cookies are to be deployed to the browser by ‘blocking’ all cookies that are not classified as necessary and then blocking further cookies in line with the user’s consent.
This is a perfectly diligent approach but leaves finite control to the solution. Our approach is to integrate the cookie consent management within the Tag management. The benefits being:
- more flexibility on the solution roll-out, and
- finite control, on a tag-by-tag basis, of all your MarTech cookies
By using exception triggers, which interrogate the users consent preferences, and determines whether a tag may fire or not, it is possible to ensure that your site is 100% compliant and that all tags are reviewed and correctly classified.
- Feature rich solutioning
Use a cookie consent solution with the following features: -
- Consent analytics – the ability to record new visitor consent type and purpose to understand the opt-in rates across the classifications.
- Fully customisable – the ability to ‘skin’ the solution to brand and to be able to fully customise the options available to users, including descriptions, button sets and layout.
- Consent Rate Optimisation – use the consent analytics and customisation capabilities to execute a/b tests to maximise the consent rate.
Furthermore, feature rich cookie consent solutions offer the ability to manage a user’s preferences across devices, browsers, and domains. The more personalisation, transparency and choice offered in your cookie consent user experience, the greater the potential for high opt-in rates across all cookie classifications.
Consent vs Analytics - what outcome can you expect?
In short, very positive, provided you get your configuration right.
We have experienced that by using a fully featured vendor-based cookie consent solution cookie opt-in rates of between 90% to 95% across all classifications, with optimised configuration with Google Tag Manager. This without having to resort to a/b testing and rounds of customisation.
We also witness high take up rates across mobile devices and a wide range of devices and browsers, despite industry rumours of user contempt for cookies.
What are the common consent vs analytics mistakes?
Implementations that do not force a consent decision can allow large proportions of site visitors to ‘drift’ without data capture. This will be the case if the compliance position that your organisation has taken is to prevent data capture until this optional consent is given.
This typically has the most dramatic effect on analytics for return on investment (R.O.I) or Return-On-Advertising-Spend (R.O.A.S) for paid campaigns, which can have a huge impact your ability to track the general and relative effectiveness of your campaign spend. A high value lead or purchase that justifies your spend has just become an anonymous visitor to your site and a conversion without source.
From a compliance perspective simply applying code or a 3rd party solution can feel like you have ticked the cookie consent box – however Google Analytics and Google Tag Manager need to action the outcomes of your consent implementation. New cookies and tracking need to be applied correctly within this model. Failure to complete this overlap with analytics can result in non-compliance and data being captured against user consent decisions from the moment of implementation, or via a slow degradation over time as different cookies are applied to your website – often by different individuals or agencies.
Our top 5 tips for success
- Get compliant – ensure you your cookie consent solution complies with UK legislation.
- Do not DIY – cookie consent is regulatory and subject to constant change (new marketing technologies etc.). Use a solution provider that is dedicated and specialised.
- Utilise tag management – deploy your cookie consent solution through a tag manager to offer the greatest flexibility.
- Use exception triggers – control the execution of your MarTech tags by looking up the users consent preferences.
- Get your configuration right – configure the cookie consent with a balance of information and control, ensure consent analytics is switched on, in particular for performance cookies
Full disclosure: Appius is a OneTrust partner, having chosen OneTrust for our client’s cookie consent management requirements due to their market leading solutions and holistic approach to global data protection and privacy management.
As part of our full service digital offering Appius provide audit, consultancy and implementation support for cookie consent management and Google Analytics and Google Tag Manager. For our clients we provide expert advice on governance and configuration, or actual implementation in line with their compliance, tracking and digital strategy reporting requirements. Contact Us for more information or to set up an initial chat about your current cookie consent or analytics requirements.