Tuesday 27 September 2011

Cookie compliance – Govt website suggests a new way to do it

The webmasters at the main Government website appear to have ignored the pioneering route the ICO’s team took to ensure compliance with the new cookie rules. Whether it’s absolutely lawful only time will tell, but as it’s the Government’s main website, I think they would be hard pressed to criticise many who adopted their cunning plan.

They’ve found a way of operating their site by giving users the option of objecting to the use of cookies – so long as the users burrow through the cookie explanations until they find the right hyperlinks.

Clever, huh? If it works, certainly.

Read on if you want to learn how they’ve managed this feat.

First, just an explanation of the site. Directgov is the website which is supposed to save public funds by enabling citizens to use this single portal to access all other Government services.

So, from the home page, in just In 3 clicks the user can navigate to the page explaining freedom of information and data protection. Interestingly, as well as briefly outlining the data protection principles, subject access rights and guidance on how to stop direct marketing, it also provides advice on how people can appeal against decisions made by the Information Commissioner. I’ve never seen a popular Government site carrying such prominent advice on how people can appeal against these decisions.

The Data Protection stuff is available by clicking on:
Government, citizens and rights
Your rights & responsibilities
Data protection & freedom of information

Anyway, the Directgov privacy policy (helpfully located by clicking on the link when you have scrolled to the bottom of the landing page) provides the usual stuff, and explains, in a section headed “Changes to this privacy policy”:

If this privacy policy changes Directgov will update this page. You should visit this page regularly so you know:

• What personal information Directgv collects
• how Directgov uses your personal information
• when (if ever) Directgov shares your personal information with someone else

Then, there’s a link to the cookies page.

The text explains that: Cookies allow Directgov to improve the services we provide, by telling us how people use them. Cookies are also used to make some parts of the website work properly. Find out what cookies Directgov uses and what they're for.

Under the heading “Why Directgov uses cookies” the following explanation is available:

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

• enabling a service to recognise your device so you don't have to give the same information several times during one task
• recognising that you may already have given a username and password so you don't need to do it for every web page requested
• measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast.

And then there’s another hyperlink “Internet browser cookies - what they are and how to manage them”

An interesting section (for the cookie anorak brigade) is called “Your privacy - how cookies are used by Directgov.”

I like it. It contains a list of the cookies that have been found on the websites operated by the companies and and government departments Directgov works with. The list is to be updated as more information emerges.

The section “Cookies for measuring use of services” states that: by understanding how people use Directgov, we can improve the information provided. This also ensures that the service is available when you want it and fast. We use a number of different methods of gathering this data, including services provided by the following companies.

The text then provides details about 5 cookies placed by Speed-Trap and 5 placed by Google Analytics. The details are set out as follows:

Name: jobseekerscsauvt
Typical content: which Directgov pages you have visited and when
This cookie is used by the Directgov jobs and skills search.
Expires: 1 year

Name: __utmmobile
Typical content: randomly generated number
Expires: 2 years
For further details on the cookies set by Google Analytics, users can click on yet another hyperlink.

Then, there’s an explanation about third party advertising cookies:

Where government uses advertising, it wants to make sure that this money is well spent. To help measure this, the following cookies are used on pages which are being marketed.

Name: doubleclick.net
Typical content: randomly generated number
Expires: 2 years

Name: b3-uk.mookie1.com or uk.gmads.net
Typical content: randomly generated number
Expires: 13 months

Then, there’s a section on “Cookies to make specific web services work”. These cookies are sorted into the following types:

Site customisation
Online forms
Cookies for using personalised answer tools (eg redundancy pay calculator)
Cookies for using mobile services
Cookies for using Local Directgov services
Cookies for using Directgov Innovate website - innovate.direct.gov.uk

Another hyperlink leads to more information on how to control or delete cookies. And yet other hyperlinks lead to more information about various cookies placed on some of the sites which can be accessed from the Directgov website.

There are some interesting details about some of the other cookies that are served under the Directgov domain. Virtually all of the cookies expire when the user exits the browser. But, for some reason, those set by the Schools and children centre finder (schoolsfinder.direct.gov.uk) last for 30 years. Don't ask why.

Finally, there are a few words on “Cookies on Directgov from social networking websites”: Directgov has links so you can use social networking websites (eg Facebook and Twitter) with Directgov. For example, you can bookmark and share links using the toolbar at the bottom of each page. These websites may place cookies on your computer. To find out more, users can click on the hyperlink 'How do you use this toolbar?'.

Clever, huh? By not making it too obvious about how to delete the Google Analytics cookies, these guys probably know far more about what users do when they browse onto these websites than the ICO does when users browse on the ICO’s website.

Privacy policy http://www.direct.gov.uk/en/SiteInformation/DG_020456