I am a technical optimist. And I believe in the incentives of capitalism to make certain problems (emphasis on “certain”) inherently likely to find solutions in the free market. “There’s always money in the banana stand” school of thought, for my fellow Arrested Development fans.
This is why I think our currently fairly young data privacy legislation will mature. The never-ending cycle of legal challenge to our privacy practices or tools will slow down if not cease. We will have more clarity about data we can acquire with what tool under what circumstances. It won’t always be as murky and shifty as things are today. (See last week’s newsletter for the legislative angle.)
But this constant whiplash of course worries various corners of the data world — from analytics people, from data bosses who had a run-in with their legal department. This concern leads us to question whether we should drastically reconsider our practices: “Do we move to self-hosted analytics?” or “Do we completely flip our data acquisition to privacy by design?”
And there are several other connected angles to this big, big question: Should we really reassess how much data we’re gathering in the first place, and how we acquire and store it?
So, to be clear, these questions above: That’s not one newsletter, that’s a whole tome of research. And I’ll revisit some of these topics more specifically in the future, in particular privacy by design.
First things first: best practice to be “by the book”
Vox Media, come forward so I can bow at your respectful cookie drop. You are dropping almost nothing pre-consent (just a session identifier from your CMS, I believe). Even if I continue to navigate your site without accepting, you’re allowing me to navigate and still won’t drop any cookies.
You get my newly minted “Golden Cookie Award” (Street value: worthless) for following the law to the letter, but I am sad you have to give up tracking anything about my reading behaviour all that because I didn’t touch your consent banner. Still, “A+, fast shipping, would do business again” as they say on eBay.
I am spotlighting Vox Media because they are not using a vendor to manage their cookies, and theirs is a consent banner not a CMP (content marketing platform). So, something simple. There are other good citizens out there, I see you.
By the book, with a little bit more
Le Monde, please accept my congratulations and a Golden Cookie Award. You also do it with a lil’ bit of something extra, for which I must commend you.
The reason I’m picking Le Monde is because I didn’t want to turn this into a CMP vendor endorsement, and I know Le Monde is using a homebrewed CMP. There are other smart publishers out there. I see you, too.
In a nutshell:
Pre-CMP, Le Monde is dropping a couple of anonymous IDs to have a “whole audience” view. Whether I accept their CMPs’ term or not, the publisher has a view of their unique visits.
If I accept the cookies, every cookie in the universe of cookies gets dropped.
If I refuse (there’s no “customise” on Lemonde.fr), a few additional session cookies get dropped, and a cookie I am pretty sure is used for reporting audience measurement to the French audience measurement alliance ACPM. This one carries very little inside so must fall under “legitimate interest.”
So what Le Monde does here, that’s it. That’s the best practice. And they are going one beyond — they are dropping a very skinny cookie to do some basic analytics. But note that Le Monde has opted to go the route of a cookie wall: You must accept cookies or buy a subscription to navigate the site (many articles on lemonde.fr require a premium subscription, but even to browse the homepage as a non-subscriber, you must either accept cookies or buy a subscription).
But say you have not opted for a cookie wall — you’re willing to allow your non-cookie-having users to browse around. Le Monde’s strategy can be useful to you, too.
If you’d like to subscribe to my bi-weekly newsletter, INMA members can do so here.