Making a Case for Cookies on U.S. Fed Web Sites

In his blog last week, Eric Peterson called on President-elect Barack Obama to allow United States government Web sites to use first-party persistent cookies (define, a position the Web Analytics Association endorses. Currently, federal Web sites cannot use cookies unless the sites meet four conditions.

Peterson argues that the current restriction hinders the ability of federal government agencies to deliver the best possible Web site experience to visitors and prevents agencies from taking advantage of some of the latest technology. He writes:

    Unfortunately, the “do nothing” option hurts everyone — Government employees who genuinely want to improve the sites they maintain on behalf of the public good, U.S. citizens who sincerely want to participate in government using the most convenient communication channel available, and the Federal Government as a whole because citizens are unlikely to continue to use sites that fail to provide a good and satisfying experience.

A quick scan of a few government Web sites here in the U.K., including our own prime minister’s Web site, shows the liberal use of both first-party cookies and third-party cookies. So it appears that we in the U.K. aren’t having the same cookie-related debate. Why is that? Are we better or less informed on the issue? Should we be more worried about cookies than we seem to be?

Europe went through angst on this issue a few years ago. The European Parliament passed a directive in 2002 on privacy and electronic communications. Leading up to this directive, there had been a concern in the industry that cookies would effectively be made illegal as a breach of personal privacy. In the end, the European Parliament concluded it wasn’t cookies or Web bugs that infringed privacy but the inappropriate use of these devices. The following passage from the directive is particularly relevant to the current U.S. debate:

    So-called spyware, web bugs, hidden identifiers and other similar devices can enter the user’s terminal without their knowledge in order to gain access to information, to store hidden information or to trace the activities of the user and may seriously intrude upon the privacy of these users. The use of such devices should be allowed only for legitimate purposes, with the knowledge of the users concerned.

    However, such devices, for instance so-called “cookies”, can be a legitimate and useful tool, for example, in analysing the effectiveness of website design and advertising, and in verifying the identity of users engaged in on-line transactions. Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information.

Essentially, Europe recognizes that cookies can be a good thing, provided they are used legitimately and people are told what’s going on. Europe allows Web sites to use cookies provided each site tells people in its privacy policy that it serves cookies, how it uses the data, and how people can refuse to accept cookies, or how they can delete site cookies.

I’m not an expert on this issue, but it seems to me that having such a legal framework helps with the issue to some extent. It doesn’t always take the emotion out of the subject, nor does it prevent individuals forming a judgment about cookies and making their own views known. But that’s society for you.

What I like about the current European position is rather than taking an explicit or implicit “all-cookies-are-bad” stance, it recognizes society can potentially benefit from the appropriate use of cookies. By understanding how people behave on Web sites, Web sites can create a better visitor experience without necessarily infringing upon personal liberty. After all, observing shopper behavior is nothing new. Our supermarkets and stores are laid out based on years of observing shopper behavior and analyzing shopper-derived data. However, it’s clear the ability to harvest (even anonymous) data should not be taken for granted. Even in the absence of legal frameworks, transparency is a sound policy.

Related reading

metrics hp
Inbar Yagur of Taboola gives a talk at the CMA Digital Breakfast entitled 'Harnessing content's untapped potential'.
Report: millennials are more likely to share an ad (but also to mute it)
A graph showing a small pile of money at one end and a larger pile at the other, with an ascending line connecting the two.