Will geo-blocking become the new cookie law?

“This website uses cookies. By continuing to browse the site you are agreeing to our use of cookies. For more details about cookies and how to manage them, see our cookie policy”.

In 2007, the European Commission decided that people should be protected from spyware and other tracking software being planted in their devices without their knowledge. This led to the ‘cookie law’, designed to give people ‘clear and comprehensive’ information about what was being tracked and why, so that they could choose to allow it or not. The Commission’s logic is as follows: give people information, and they will make informed choices.

In a world where we exchange our data willingly for free services like email and search, most of us would like to be able to make informed choices about what data we share, based on how it will be used and what we get out of it. We are all vaguely aware that when we get something for free online,  our data is being used in some way to bring profit to the companies providing the services we use, for example for advertising.

Helping people make informed choices about how their data is used is a lot harder than it sounds.

Unfortunately, the cookie pop-ups we see on every website we visit don’t actually lead to us making informed choices about how our data is tracked and used. In many cases, the pop-up simply disappears after a few seconds – or, if needed, we just click the ‘close’ button and get on with what we came to the website to do. The Commission’s logic is wrong – if you give people information, it doesn’t necessarily mean they will use it to make informed choices. Helping people use information to make informed choices about how their data is used is actually a lot harder than it sounds.  When the cookie law came into force in the UK, I was in London working for tech business JustGiving. Like most companies, we understood there was a legal obligation to add this pop-up and we put aside valuable time and resources to do it. But the guidance from the Commission was unclear and contradictory. We looked at the Commission’s own website hoping for a best-in-class example of implementation, and were dismayed to see reams of text obscuring half of the homepage, written in legalistic language that most people wouldn’t understand. What is the point of this, we wondered?

Data protection law in the EU is also based on this logic. Companies have a wide remit to use our personal data for almost any purpose, as long as we consent to it. If we tick the box, EU law considers that we have made an informed choice. But again, in reality, how many of us tick the box without reading the privacy policy which comes before it?

We need a shift from the decades-old offline system of adding labels and warning.

The problem is that the Commission hasn’t invested enough in thinking about the best way to help people make informed choices. They simply transferred a decades-old system from the offline world to online – essentially, adding labels and warnings. This may be the only solution when it comes to adding product safety information to electronic appliances, for example. But online there are many more possible ways of displaying information – which could be more effective in helping people understand, learn more and make informed choices. Giving people information is important, but it needs to be done in the right way, at the right time.

In the e-commerce world, every word and picture on a website is chosen and positioned in exactly the right way to help people find the information they need. Every variable is tested thoroughly to improve the browsing experience. Should that link be in the top-left or top-right of the page? What size should the font be? What colour makes people click on it the most? How will it look on a smartphone, or a tablet? It would make sense to apply the same approach to the way information about privacy and cookies is presented to users. How should it be written and presented in order to make sure people actually read and engage with it, rather than simply clicking it away?

The geo-blocking debate risks following the same flawed logic as the cookie law.

Unfortunately, policymakers still seem to be pushing the same old logic of ‘give people information and they will make informed choices’, without further thought as to how this information should be presented. The logic is threatening to creep into new pieces of legislation that are currently being developed as part of the Digital Single Market. In recent documents published by the Commission about the upcoming geo-blocking legislative proposal, there are ominous references to ‘imposing transparency obligations’ to explain when and why geo-blocking is being used. This rings cookie law alarm bells in my head. The logic is there again – give people information about geo-blocking practices, and they will make informed choices. I can imagine pop-ups appearing every time I click on a different product as I do my online shopping:  “This product is only available in our UK, German, French and Dutch stores. It is not available in the Czech Republic, Bulgaria, Spain or Greece. It may be available in Estonia, Ireland and Luxembourg subject to our geo-blocking policy. By continuing to browse the site you are agreeing to our use of geo-blocking. For more details about geo-blocking and how to manage it, click here to read our geo-blocking policy”.

The challenges of the DSM are not purely regulatory. The implementation is also crucial.

Maybe it’s time for policymakers to step back and consider alternative ways to help people make informed choices online. Simply throwing information at us does not seem to be working. And the more information we have to wade through in order to do basic things online, the less we will care about what it actually says. As the Commission moves forward with the Digital Single Market (DSM), it has the opportunity to bring together expert stakeholders from across the tech sector to try and find a better way to achieve this. They could bring in UX experts, web designers, e-commerce and online marketing analysts, experts in online behaviour and monitoring and many, many others. The challenges of the DSM are not purely regulatory. The implementation is also crucial and, when it comes to digital policy, regulation needs to be designed with the implementation in mind. This can be done hand-in-hand with industry experts, who would welcome the opportunity to avoid another cookie law coming into force in several years’ time. Let’s not repeat the mistakes of the past with the geo-blocking proposal.

Catherine Armitage