Example cookie compliance audit
32
Example Cookie Law Compliance plan for Client-domain.com Author: Phil Pearce Date: 15/06/2012 1
-
Upload
phil-pearce -
Category
Data & Analytics
-
view
127 -
download
1
Transcript of Example cookie compliance audit
Example Cookie Law Compliance plan for Client-domain.com Author: Phil Pearce Date: 15/06/2012
1
Cookie Law Compliance plan for Client-domain.com
ContentsIntroduction...................................................................................................................3
Background.......................................................................................................................3Recommendations and Actions........................................................................................4
1. Undertake a cookies audit............................................................................................42. Remove unnecessary or redundant cookies................................................................4Cookie policy..........................................................................................................................7
Shopping Cart area...........................................................................................................7Areas of the site requiring login.........................................................................................7
3. Establish effective management of cookies.................................................................8Appendix 1: Cookie Intrusiveness Guide..........................................................................9
Intrusiveness Functionality Types........................................................................................101. Moderately intrusive (Adwords remarketing & Facebook Like buttons).....................102. Minimally intrusive......................................................................................................103. Exempt from changes to privacy regulations..............................................................11
Appendix 2: Examples of Good Cookie Policy Pages.....................................................13Appendix 3: ICO “quick wins” guidelines.........................................................................14
2
IntroductionThis document sets out guidance for Client-domain to comply with the new Privacy & Electronic Communication Regulations (PECR) which came into effect in May 2011, and are enforced from May 2012 onwards.
This guidance focuses on ensuring that the main objective of the new regulation, the protection of website users online privacy is satisfied by Client-domain.com
BackgroundFollowing changes to PECRs in May 2011 all website owners with a UK presence are required to obtain informed consent from website users and subscribers in order to store information on their devices. The primary impact of these changes for websites is that cookies (and related technology such as flash local storage) that are deemed ‘strictly necessary’ for a service requested by the user are exempted from this requirement.
The ICO guidance material considers some methods for obtaining user consent such as pop-ups. However, these can be quite disruptive to the user experience and are likely to make the sites less usable. Website owners should consider how opportunities for users to provide consent can be maximised without undermining usability.
The preferred method of compliance with the new regulations i.e. least disruptive to the user experience, would be one based on users' “implied consent”. In this context “implied consent” can be taken to mean that a user is aware of the implications of taking a certain action and that by choosing to take such action are implicitly giving their consent to the related outcomes. However, the ICO does not believe it is possible to take such an approach at present because “evidence demonstrates that general awareness of the functions and uses of cookies is simply not high enough for websites to look to rely entirely in the first instance on implied consent ”.
This emphasises the need to raise the awareness levels amongst users of websites about the uses and functions of cookies.
Consistency in the presentation of cookies-related information will help towards achieving the aim of educating our users.
Transparency about which cookies websites set and why remains central to the ICO requirements and consequently to this guidance.
3
Recommendations and ActionsThe initial measures undertake to protect users online privacy (which is the main objective of the new guidelines) and raise awareness levels are set out below:
1. Undertake a cookies auditAssess cookies and related technologies used by their sites and their usage.
This audit should determine the intrusiveness (in privacy terms) of each cookie, see example links in appendix.
The results of this audit will be published as part of our ‘Cookies Policy’. Links to this policy should be made prominent. Publicising the privacy policy (e.g. through on-site promotion corner box).
2. Remove unnecessary or redundant cookiesAs a result of this audit we suggest removing unnecessary cookies. Removal of the more intrusive cookies in this category should be prioritised.
Consider changing the google maps cookie to a static cookieless map on the contactus page: http://tinyurl.com/google-map-jpg
Help file:http://gmaps-samples.googlecode.com/svn/trunk/simplewizard/makestaticmap.html
4
Change YouTube to no-cookie mode (as these cookies are not needed)
http://support.google.com/youtube/bin/answer.py?hl=en&answer=141046
Videos found on the website are...http://www.youtube.com/user/Client-domainuk?feature=mhee
5
Add opt-out links for Google+, Facebook, Twitter and Pinterest on privacy page
Social cookie are enabled on product pages:
Change to no-cookie links mode links, where {URI} is inserted using serverside script.
<a id="facebook" title="Share on Facebook" href="http://www.facebook.com/sharer.php?u={URI}" target="_blank" onclick="_gaq.push(['_trackSocial', 'facebook', like', 'optional_pageURL']);">Facebook</a>
<a id="twitter" title="Share on Twitter" href="http://twitter.com/share?url={URI}" target="_blank" onclick="_gaq.push(['_trackSocial', 'twitter', 'tweet', 'optional_pageURL']);">Twitter</a>
<a id="GooglePlus" title="Share on GooglePlus" href="https://plusone.google.com/_/+1/confirm?hl=en&url= {URI}" target="_blank" onclick="_gaq.push(['_trackSocial', 'google plus', 'plus1', 'optional_pageURL']);">GooglePlus</a>
<a id="pinterest" title="Pin on Pinterest" href="http://pinterest.com/pin/create/button/?url={URI}" target="_blank" onclick="_gaq.push(['_trackSocial', 'pinterest', 'pin', 'optional_pageURL']);">Pin It</a>
Explain to users how to change privacy settings in the browser, within within facebook.comhttp://lifehacker.com/5813990/the-always-up+to+date-guide-to-managing-your-facebook-privacy
Example privacy policy with links to Facebook tracking blocker:http://www.kaushik.net/avinash/privacy-policy/
6
Adwords remarketing code: http://clientdomain.com/?google_debug=true
Behavioural targeting and remarketing cookies are the core focus of the cookie law (i.e the means to send marketing message to individual users across a banner ad network, based on their browsing habits). Source: www.ukaop.org.uk/news/eu-privacy-directive-forum-report3558.html
- Hence, an opt-in notification on landing page where the remarketing cookie is initially dropped is required.
- On second pages a prominent remarketing notification can used (such as a floating cookie logo) and thus implied consent on second pages onwards, can be assumed for remarketing.
Note: you can see an example of a floating cookie logo here:http://www.conversionworks.co.uk/privacy/#cookies
Alternative to opt-in: the remarketing campaign generates a large number of sales, thus, thus we recommend using alternatives to the opt-in, by reduce the obtrusiveness of the remarketing code:
a) [Recommend Option] Change the Adwords settings:I. Impression Frequency cap from “medium” to “low”, to prevent users
being overtly targeted on the Google content network.http://support.google.com/adwords/bin/answer.py?hl=en&answer=117579
II. Reduce the Adwords remarketing cookie durations from 2 years to 6months within adwords settings:http://www.youtube.com/watch?feature=player_embedded&v=w-rGv3BjPrc#t=128s
III. Add a new remarketing code audience to visits to your privacy policy page, and add this negative group to your campaign. Effectively this would mean that any visitor that views your privacy page, would be automatically opt-ed out of remarketing.
b) Only place adwords remarketing cookie on either:- register pages [/checkout/onepage/] with opt-out tickbox embedded in the form.- or cart pages [/checkout/cart/] with opt-out floating footer notification.
c) Do nothing & (i.e non-compliant mode) and only change to option “1)” or “3)” if an ICO enforcement warning letter is received.
Having reviewed the options below, we recommend going with option “A)”, this is because remarketing is important for Client-domain and we want to avoid removing all tags completely. In addition, option B is easier to facilitate and means that the size of target audience is unaffected.
If Client-domain remarketing receives any complaints from the ICO in the future, we would then recommend moving to option “B)” for the opt-in on register & cart pages.
7
Please adopt centralise the cookie policy page – i.e 1 page, not 3 pages. Also adding an #anchor to the /privacy-policy will mean that the cookie policy can be linked to directly:http://www.Client-domain.com/privacy-policy#cookieshttp://www.Client-domain.com/data-protectionhttp://www.Client-domain.com/enable-cookies
8
Cookie policy – Last updated 20 November 2012Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. This website uses the following cookies:
Item Cookies Purpose More information
Google Adwords Remarketing
idTargets a user for relevant adverts.
Adwords Privacy and Data Practices. You can choose to opt-out of Adwords remarketing here.
Facebook Like button
di, uid, uit Provide functions to liking posts.
Facebooks Privacy and Data Practices. You can choose to opt-out of Facebooks here.
Twitter retweet button
Provide functions to retweet posts.
Twitter Privacy and Data Practices.
Google Analytics & Google Content Experiments
_utma, _utmb, _utmc, _utmz, _utmx, _utmli
Helps improve website performance.
Google Analytics Privacy Policy. You can choose to opt-out of Google Analytics.
CartID (shop only pages)
_storeUsed to remember products added to basket.
This cookie is essential for the website to process orders.
SessionID frontendGeneral purpose session cookie. This cookie is delete when you close the browser.
This cookie is essential for the website to work.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.ico.gov.uk/for_the_public/topic_specific_guides/online/cookies.aspx
Shopping Cart area
Parts of our site make use of a shopping cart technology to make use of cookies to remember what you wish to buy.
Areas of the site requiring login
Accepting the use of login functionality, you must agree to the setting of login cookies to access this area of the website and to use add to wishlist.
3. Establish effective management of cookies
In order to ensure effective ongoing management of cookies across their websites. This should include a procedure to prevent the creation and use of new cookies without an assessment of their value (in terms of user experience / analytics etc) weighed against their intrusiveness.
Regular checks of cookies should be undertaken and the published list of cookies updated to ensure that a user will never find a cookie in their device that is not listed.
Data-sharing and benchmarking options (offered by some analytics packages) has been be switched-off despite the fact that no personal data is collected. This can be verified by visting this link or see that graph below:
Please note that the PECRs cover any technology that store or retrieves information from the users’ computer. This includes:
Cookies
and locally stored objects (e.g. Flash cookies).
9
Cookie policy – Last updated 20 November 2012Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. This website uses the following cookies:
Item Cookies Purpose More information
Google Adwords Remarketing
idTargets a user for relevant adverts.
Adwords Privacy and Data Practices. You can choose to opt-out of Adwords remarketing here.
Facebook Like button
di, uid, uit Provide functions to liking posts.
Facebooks Privacy and Data Practices. You can choose to opt-out of Facebooks here.
Twitter retweet button
Provide functions to retweet posts.
Twitter Privacy and Data Practices.
Google Analytics & Google Content Experiments
_utma, _utmb, _utmc, _utmz, _utmx, _utmli
Helps improve website performance.
Google Analytics Privacy Policy. You can choose to opt-out of Google Analytics.
CartID (shop only pages)
_storeUsed to remember products added to basket.
This cookie is essential for the website to process orders.
SessionID frontendGeneral purpose session cookie. This cookie is delete when you close the browser.
This cookie is essential for the website to work.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.ico.gov.uk/for_the_public/topic_specific_guides/online/cookies.aspx
Shopping Cart area
Parts of our site make use of a shopping cart technology to make use of cookies to remember what you wish to buy.
Areas of the site requiring login
Accepting the use of login functionality, you must agree to the setting of login cookies to access this area of the website and to use add to wishlist.
Appendix 1: Cookie Intrusiveness Guide
Cookies detected on Client-domain.com
Cookies classifications:
Good Cookies Bad Cookies
10
Intrusiveness Functionality Types
1. Moderately intrusive (Functional & Targeting Cookies)- Embedded third-party content and social media-
plugins
- Advertising campaign optimisation (Adwords code) http://www.Client-domain.com/?google_debug=1
2. Minimally intrusive (Performance Cookies)- Web analytics (Google Analytics)
- A/B testing cookies (Google Website optimiser)
- Personalised content / interface – n/a.
11
3. Exempt from changes to privacy regulations (Strictly necessary Cookies)
a. Load balancing or Transaction specific
Website owners should focus their efforts when reviewing, and where necessary revising the use of cookies, on the most intrusive types. This approach reflects the balance between valuable use cookies (e.g. for analytics and improving the user experience which enable continual improvement of digital services) and the need to protect users’ privacy.
Rationale - ‘Moderately Intrusive’ Limited control over used of information: Website owners have no direct control over how the information stored within third-party cookies is used. While all attempts should be made by web managers of government sites to provide information about relevant third-parties' cookie policies, it is probable that users will have a more convoluted journey in attempting to access this information. This might result in users not accessing the information thereby reducing their understanding of how cookies work and reducing the opportunity of providing informed consent.
User expectations when visiting the first-party site: A visitor to any first-party site has a relationship primarily with the site they have visited. Consequently, it is unlikely that visitors have an expectation that other parties might also be able to store information on their terminals. The setting of third-party cookies might be considered particularly intrusive when, in theory at least, they enable third-party websites e.g. Facebook, to track user behaviour across several sites. The fact that the visitor does not have to click on the plug-in or be a member of the social media networking site for the cookie to be set on their device, increases the perception that they are particularly intrusive.
Rationale - ‘Minimally Intrusive’ Their usage tends to be controlled by the first-party and as such departments are able to be fully clear and transparent about how the cookies and the information stored in them are set and used respectively
The scope of their use and information they store are limited to the first-party websites i.e. they are not used in relation to a user's activities on other sites.
12
Use of web-analytics/metrics: The use of metrics are integral are to departments' being able to provide the best possible user experience. They also allow departments to assess and demonstrate whether the digital services they offer provide “value-for-money”.
Consequently, collecting these metrics are essential to the effective operation of our website, at present the setting of cookies is the most effective way of doing this.
The ICO guidance supports this view as it states
“...it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are unlikely to prioritise first-party cookies used only for analytical purposes in any consideration of regulatory action”
Personalised content/interface: Consistently presenting users with the version of the site (or features within the site) which they find most convenient increases their enjoyment of the site and thus, the likelihood that they'll use the service/website in the future.
13
Appendix 2: Examples of Good Cookie Policy Pages
The following are examples of existing good cookie policy pages:
http://www.johnlewis.com/Magazine/Feature.aspx?Id=567&intcmp=privacy
http://www2.bt.com/btPortal/application?pageid=pan_privacy_policy&siteArea=pan&s_cid=pan_FURL_privacypolicy
http://www.ico.gov.uk/Global/privacy_statement.aspx
https://www.gov.uk/help/cookies
http://www.culture.gov.uk/4902.aspx
http://www.consumerfocus.org.uk/cookies
Video Guidelines form the ICO:http://www.youtube.com/watch?v=V0M8MYiGkQw&list=PL45AABD8BB96D3785#t=155s
http://db.tt/QUugX7yk
14
Appendix 3: ICO “quick wins” guidelines
Source: http://www.ico.gov.uk/complaints/~/media/documents/library/Privacy_and_electronic/Forms/pecr_complaints_form.doc
15
Apendix4: Google Analytics Privacy and Data Sharing
Remarketing with Google AnalyticsIf Remarketing with Google Analytics is enabled, then a third-party DoubleClick cookie is dropped in addition to the standard Google Analytics cookies. The DoubleClick cookie enables remarketing for products like AdWords on the Google Display Network. For more information about this cookie, visit the Google Advertising Privacy FAQ. To opt out of remarketing, and manage your settings for this cookie, visit the Ads Preferences Manager.
Remarketing supports DNT=1 framework, thus online behavioural adverts are disabled if this flag is sent by the browser.
Universal Analytics
Universal Analytics is a new Measurement Protocol the features, security and privacy principles are very similar to standard Google Analyics, however as Universal Analytics is user- centric rather than session-centric, greater notification is recommended. For more information, review the Universal Analytics usage guidelines and the Universal Analytics security and privacy information.
Secure Socket Layer (SSL)
Google Analytics protects your website tracking transactions with Secure Socket Layer (SSL) technology. And your visitors' information is secure, too - your reports don't include identifiable information about your site's users. We'd adhere to the policies stated in the Google Privacy Policy. _gaq.push(['_forceSSL', true]);
16
IP Masking
IP masking is a customisation to your tracking that you can set up to change how Google Analytics uses and stores the IP address of website visitors. By default, Google Analytics uses the full IP address of a visitor to provide general geographic reporting. When IP masking is enabled, Google Analytics removes the last octet of the visitor's IP address prior to its use and storage. Note that this will slightly reduce the accuracy of geographic reporting.
Note: IP masking is required in German, and is not available within urchin.js
To set up IP masking, use the _gaq.push(['_gat._anonymizeIp']); in your tracking code. For details on customizing your tracking, see the Google Analytics Tracking API on Google Code. For more information, visit the Google Analytics Privacy Overview.
Ecommerce & TransactionID`s
For ecommerce websites, Google Analytics stores the customers transactionID on completed transaction pages. However the city, state and country fields are no longer shown within reports, and have been removed from the upcoming Universal Analytics. Additionally no zipcode or postcode is stored.https://developers.google.com/analytics/devguides/collection/analyticsjs/ecommerce#addTrans
17
now hidden
Data Sharing & Data benchmarking
Google Analytics data-sharing settings govern whether and how automated processes can access an account’s data. Automated processes use the shared data to provide additional information and capabilities to the Google Analytics account.
A website owner can disable data-sharing settings on the Account Settings page. Or limit shared to only certain Google products:
With other Google products only:This option restricts data access to Google services only, such as AdWords and AdSense. Selecting this option makes it possible to, for example, import Google Analytics goals into AdWords.
Anonymously with Google and others:Google removes any information that might identify the source websites, combines the data with hundreds of other anonymous sites that use Google Analytics in comparable industries, and reports aggregate trends. Shared data is completely anonymous, and can’t be tied back to individual accounts.
Website owner privacy controls
You can provide your visitors with control over whether their visits to your site are tracked by Google Analytics. Use the option to disable web tracking to build your own visitor controls that reflect the privacy policy for your site using window['ga-disable-UA-XXXXXX-Y'] = true;
If you prefer not to build your own controls, there are third-party developers who have created tools and plugins that you can make available on your site. You can find these tools and plugins in the Google Analytics App Gallery.
If you're using Mobile App Analytics, you can enable an app-level opt out flag that disables Google Analytics tracking across the entire app. Once set, the flag will persist for the life of the app or until it is reset. The app developer can enable the opt-out flag for an Android app or enable the opt-out flag for an iOS app. For more information, visit the Google Analytics Privacy Overview.
If using Advert remarketingCreating a negative remarketing list for any use who visits the privacy page, can be enabled. This will prevent these users from being targeted.
18
Apendix5: Google Analytics enhanced privacy settings table:
HIGH -Tracking Off
DNT=1 support window.navigator.doNotTrack;
which disable`s GA: ['ga-disable-UA-XXXXXX-Y'] = true;MEDIUM Temporary session
cookie mode['_setCampa ignCookieTimeout', 0],
Anon transaction ['_addTrans','anonOrder1234' ..],['_addItem','anonOrder1234' ..],['_trackTrans']
Clear Referring terms ['_clearIgnoredOrganic'], Clear Referral ['_setReferrerOverride', ''], Clear Campaign Data
from UTM tags['_setCampaignTrack', false],
Clear User Agent / Browser
['_setClientInfo', false]
Clear Custom Cookies ['_deleteCustomVar', 1],['_deleteCustomVar', 2],['_deleteCustomVar', 3],['_deleteCustomVar', 4],['_deleteCustomVar', 5],
LOW (Recommended
level)
6month cookie ['_setCampaignCookieTimeout', 15768000000],
Anon IP ['_gat._anonymizeIp'] Only show
CookieConsent popup based on visitors IP-to-Country
countries:'United Kingdom,Netherlands'
DEFAULT 2year cookie Google Analytics Privacy Policy Full IP captured Full referral
19
Google Analytics Controls for Users:
Hiding referral search terms
For the 20-30% of users who are logged into Google.com (or local domain equivalent) the users search terms is hidden by a privacy by design redirect on organic links, which removes search terms so that only {not provided} is shown:www.google.com/url?q={not provided}&esrc=s
To opt-out of referral keywords, just log into google.
Temporary user opt-out
When you want to browse the Internet in stealth mode, all modern browsing allow this. Google Analytics tracking is disabled when in incognito or Private mode.
Incognito mode in ChromePrivate browsing mode in FireFoxInPrivate mode in IE
Permanent user Opt-out & Browser settings
The Google Analytics Opt-out Browser Add-on lets website visitors choose not to send information about their website visit to Google Analytics from pages that use the Google Analytics Javascript. If you want to opt-out of being tracked by Analytics, visit the Google Analytics Opt-out page and install the add-on for your browser. For more details on installing and uninstalling the add-on, please see the relevant help resources for your browser. We've provided links for a few popular browsers below:
Mozilla Firefox Microsoft Internet Explorer Google Chrome Apple Safari Opera
Content Experiments uses the Google Analytics Javascript (ga.js) to collect visit and conversion data for experiments. Visitors with the opt-out add-on installed are not included in experiments, their visits are not tracked in any way, and those visitors always see the original page. For more information, visit the Google Analytics Privacy Overview.
20
Google Tag Manger
If using GTM. This can be set to only load GA and Adwords with no remarketing:
<script>dataLayer=[{'html', 'sp', 'img', 'flc', 'fls'}]; // Only Allow GA and Adwords converions, with no remarketing</script>
Help pagehttps://developers.google.com/tag-manager/devguide#security
21
