This week two US Congressman asked the chairman of the Federal Trade Commission to investigate how "super-cookies" could jeopardize the privacy of American Web users.
The Enterprise Efficiency community has shown that we, as a group, worry about online privacy -- and specifically worry about the surreptitious use of browser cookies. Cookies are getting a bad name, and not without cause. But can online businesses survive without them?
Cookies are a major part of e-commerce. They're the darling of marketing departments everywhere, because they allow businesses to better identify and target their potential customers. They're used to provide better, more customized services to users. They're used to gathering user data that can then be sold to, or shared with, business partners -- and as we know, the trading of "big data," is now becoming a lucrative business. In fact, one might go so far as to say that they are not only a major part of e-commerce but that they are an essential part of e-commerce.
So how can Website owners adequately protect privacy, maintain regulatory compliance, and retain their users' trust, without dooming their businesses?
Yes, there is, of course, the simple expedient of using an "opt-in" policy instead of the "opt-out" policy. That may make life simpler for Web designers, IT directors, and compliance managers -- but it might drastically up the level of difficulty for marketing directors, CFOs, sales staff, and everyone else directly responsible for increasing revenue.
What experience have you had with opt-in policies -- both as a business representative and as a private citzen? Does your Website use an opt-in policy? If so, how have your users responded? Has it affected your profits, and if so, in a positive or negative way? Do you use an opt-in policy, then give users incentives to willingly provide more personal information? If so, do you have one Web form that asks for the whole kit 'n' caboodle, or do you ask for smaller chunks of data as necessary? How do you make your users aware of your use of Web cookies and/or users' personal data? Do you believe that those methods are efficient?
And most importantly: What can we use as an adequate replacement for the cookie... if in fact such a thing will ever exist?