Both posts and the lengthy comments are a must-read as they provide insight into the complexity of the implementation of this change and the emotion surrounding this issue.
I agree with the points by Alex Langshur, Digital Analytics Association (DAA), that the 3-tier system tying cookie deployment to type of site will not be effective and that clear basic operating principles are lacking. (This is why there continue to be no-brainer security breaches, like leaving account files unshredded in a back alley garbage pickup).
Ann Poritzky and Sue Feldman of the Federal Web Managers Council and WAA are right on, with their comment“…We think if the “rules” of use for session and persistent cookies are clearly defined, there should be no need to get additional sign-offs or waivers which in the past have been nearly impossible for Federal agencies to obtain…”
Perhaps some “thou shalt” and “thou shalt not” rules would be helpful to educate Federal webmasters as to what is safe and respectful cookie use and what is not:
- Thou shalt only view aggregated visit and visitor data
- Thou shalt aggregate a minimum of N visitors per analysis segment
- Thou shalt not use a cookie to drill into an individual visitor’s IP, city, domain and cross-correlate the content they have accessed
- Thou shalt not store Personally Identifiable Information (PII) in a cookie
Education is key.
Here’s an example clearly demonstrating the need for education, and why people do need to be concerned about rules of use for cookies. It’s not the technology, but the user of the technology misusing the technology:
- I recently downloaded a white paper from a B2B website. This site required repeated entry of my contact info for subsequent white papers, for the same session. Very annoying. So, curious to see if there weren’t any cookies, I looked at cookies. And there were cookies. Four with my email, first name, last name and download.
This supports Larry Freed (Foresee Results) comment on the OSTP blog: “… As with most technologies there is proper use and there is misuse. Examples of misues should not lead us to the conclusion to restrict the use of the technology, but rather set standards, policies and guidelines across the federal government websites that insure the proper use of the technologies.”
* I’m a member of the Web Analytics Association.