Cookie Policy Verfication Framework

COOKIEREPORTS

Site Review

1

A review and benchmark of the XYZ website.

Scoring the level of cookie compliance* taking the consumer view.

*Based on sensible interpretation of the current legal frame work around UK informed consent.

COOKIEREPORTS

INTRODUCTION

With the confusion around the current cookies law, its important to have a independent view for any site that’s is owned or operated for you – allowing you to be confident in your brands position.

Regulatory action is directly time consuming, costly – indirectly it can be far more damaging in terms of losing trust and the negativity associated.

If not more important, rather than the impact of regulatory action – is ensuring that you are seen to be open and transparent.

Cookies are not considered as ‘bad’ in the main, most are comfortable – offer simple clarity will ensure the confidence for your visitor's.

Its being done – our agency provided it?

Unfortunately not all agencies are best placed for cookie auditing – we often find 30-70% more. Most do not have the appropriately skilled resources or technology in place (often relying on free tools).

We are independent and have probably delivered more cookie solutions than most – its all we do!

It’s you and your brand that’s penalized if there are errors or omissions - what's essential is accuracy and efficiency. Typically we can audit, categorise and provide cookies reporting within hours – mutli site estates, can be delivered in a couple of days, including language and regulatory localization.

2

COOKIEREPORTS

YOUR SUMMARY

3

EXAMPLE ….. A pretty good starting point. With probably 3 days of work focused on improving clarity, more visitor friendly information and better reporting the site would be considerably improved.

On the cookies page there seem to be errors limiting site function.

COOKIEREPORTS 4

30 2 4 6 8 10

Navigation

50 2 4 6 8 10

Function

20 2 4 6 8 10

Policy

1.9

1

0

2

3

45

6

7

8

9

10

Overall Rating

10 2 4 6 8 10

Cookie Detail

10 2 4 6 8 10

Opt in / Opt out options

COOKIEREPORTS

COOKIES REPORTED ‘V’ AUDIT FOUND

5

COOKIEREPORTS

Category Found Reported

NecessaryThese cookies are important to the underlying operation of the website, supporting important functionality such as shopping baskets and supporting the technical operation of the website to ensure the website performs how you would expect. No personal identifiable data is collected with these types of cookies.

8 0

Site experienceThese cookies are used to support your experience on our site and include display options and login areas. No personally identifiable data is collected with these types of cookies. 10 0

Performance & operationThese cookies are used in the management of the site and include customer survey's, recording visitor numbers and other web analytics. Limited anonymous identifiable data is collected. 16 0

Marketing, anonymous cross site trackingThese cookies are used to track our customers across our websites. This can be used to build up a profile of search and/or browsing history for every customer. Identifiable or unique data may be collected, however any stored information is anonymous and not logged against an identifiable profile or customer. Any anonymous activity recorded may be reused by 3rd parties.

*25+ 0

Marketing, targeted advertisingThese cookies are used to track browsing habits and activity. We use this information to enable us to show you relevant/personalised marketing content. Using these types of cookies, we may collect personally identifiable information and use this to display targeted advertising and/or share this data with 3rd parties for the same purpose. Any activity tracked and recorded using these cookies maybe sold to 3rd parties.

42 0

*in total over 90 cookies were found on the site (abc.site.com) XXXX operates across numerous subdomains & requires further investigation to complete site mapping / cookies detail.

COOKIEREPORTS

RESULTS BROKEN DOWN

7

COOKIEREPORTS 8

As this report is based on the requirements for a UK managed and delivered website, the first (and arguably a key) requirement is to provide ‘clear navigation’ to your cookies statement / policy.

A site should clearly inform a visitor that it users cookies no matter what page of the site you arrive at or what device you are using to connect to the site.

Two navigation options have been cited as both appropriate and ‘within requirements, these are; Graphical icon / device or a Text link.

Where a text link is used, it should be clearly visible, if combined with a selection of links (say in a top navigation) it should be identified by a different color, font type or size. It should not be below the page fold.

Improvement suggestions(Not offered as part of the free summary)

1. Point one2. Point two3. Point three4. Point four

30 2 4 6 8 10

Navigation

COOKIEREPORTS 9

Next stage down from the ‘front page’ navigation is it’s function.Generally speaking the more complicated the navigation the more prone to error or problems it will be.

Key areas are;1. Are there any accessibility constraints?2. Does the navigation unnecessarily interfere with the user

journey?3. Does it function on all pages of the site?4. Is it functionality that is limited on public access devices?5. Does it work when redirects are followed?

A common navigation choice is a test bar at the very top of the page – its important to check that this will not compromise your search indexing and results.



50 2 4 6 8 10

Function

COOKIEREPORTS 10

In looking at the policy and perhaps the only area of the report that can be considered as subjective is reading and reviewing of the content and explanation text of the policy.

The areas that we feel are important for any policy are;1. Contact details – who to contact with any questions (email

suggested)?2. Date of the audit – demonstrate that you have audited your

site, if externally even better as it offers the visitor confidence and a level of openness, building trust.

3. Opt out for LSO / Flash based cookies – does the policy offer support for this?

4. Clearing of cookies – does the policy offer detail, by browser of how this can be achieved?



20 2 4 6 8 10

Policy

COOKIEREPORTS 11

After many hundreds of thousands of audits, we now have a very comprehensive data set of pretty much all cookies. We have examined the cookies with this allowing us to create hopefully a very consumer focused categorisation – we also have another key element to look at the likely privacy impact, that of each cookies 'density of use’.These categories (groups) are as clear as we believe possible (they have been defined by leading industry experts and were the result of checking many thousands of sites and looking at the detail of all cookies found (3rd Party predominantly). The categories (groups) reflect the potential level of privacy intrusion the visitor.We are comparing the detail reported on a site, against what’s been discovered. If a site doesn’t provide the basic detail of the cookies (name etc) then it can not claim to offer any level of ‘informed’ consent, as the basis a visitor has to make a decision is that of being informed – and with no information they are clearly not.



10 2 4 6 8 10

Cookie Detail

COOKIEREPORTS 12

Its not in anyway sufficient to rely on 3rd parties who set cookies to offer a suitable mechanism to opt out their cookies. Most are cumbersome to use (perhaps intentionally) and to date the solutions offered by collective bodies seem to operate with sporadic success.

You should also offer a visitor a method of removing your (any) cookies from their device (covered in more detail within the policy review and check).

Finally and essentially but so far limited across sites we have checked – the opt out method should actually work.

For countries where opt-in has been taken as the legal requirement, we review the site before and after opt-in.



10 2 4 6 8 10

Opt in / Opt out options

COOKIEREPORTS

FURTHER READING

13

COOKIEREPORTS

We have a book covering a great deal of the questions you may be asking, for a printed version please contact us.

Its also available to download @http://www.cookiereports.com/download/journeybook

14

COOKIEREPORTS

On request;• extracts from ICO

discussions • the latest updated from

the EU.

Presentation is @http://misc.cookiereports.com/CookieReports_Deloitte_Event.ppsx

15

COOKIEREPORTS

ABOUT US

16

COOKIEREPORTS 17

• UK owned and operated company

• Presence in UK, FI, DK, DE, AT

• Our own unique IP and methodology

• No VC, bank or external funding

• Only service to be independently certified

• UK member body & partners include;

COOKIEREPORTS

Most recently….

Who have we worked together with?

18

COOKIEREPORTS

CONTACT

Lawrence Shaw

Cookie Reports Limited

+44 207 183 0733

+44 7739 700 676

[email protected]

19

COOKIEREPORTS

COPYRIGHT

This material is proprietary to Cookie Reports Limited and has been furnished on a confidential and restricted basis.

Cookie Reports Limited hereby expressly reserves all rights, without waiver, election or other limitation to the full extent permitted by law, in and to this material and the information contained therein.

Any reproduction, use or display or other disclosure or dissemination, by any method now known or later developed, of this material or the information contained herein, in whole or in part, without the prior written consent of Cookie Reports Limited is strictly prohibited.

20

COOKIEREPORTS

DISCLAIMER

This document is offered as an overview and a starting point only – it should not be used as a single, sole authoritative guide. You should not consider this as legal guidance.

The services provided by Cookie Reports Limited is based on an audit of the available areas of a website at a point in time. Sections of the site that are not open to public access or are not being served (possibly be due to site errors or downtime) may not be covered by our reports.

Where matters of legal compliance are concerned you should always take independent advice from appropriately qualified individuals or firms.

21

Cookie Policy Verfication Framework

Documents

Transcript of Cookie Policy Verfication Framework