• by Sean Hargrave , Staff Writer, February 22, 2018

That's not just because it's an interesting observation in itself and undoubtedly speaks to the looming dominance of mobile, where device IDs replace the infamous cookies. No, it's interesting because it's a huge debate at the moment among the uninformed about GDPR.

It's interesting how what is written and said about the new privacy Regulation, which becomes law on May 25th, has spread in a similar way to fake news. If you're of a mind to worry unduly about new rules, you'll likely be listening to falsehoods. The same goes for anyone who's a zealot, welcoming in new laws that will banish the dark days of data gathering. Anyone who wants a fearful or a pre-formed biased opinion to cling onto about GDPR can find one, just as with politics.

Reading the most sensationalist reports and the feedback I regularly get on social media channels, it would appear there is an ill-informed consensus that GDPR is terrible news for the cookie. The new Regulation relies on consent, and so that pretty much means using bits of code to track users around the web will come to an end. That is the gist of the argument.

First of all, GDPR is not just about consent. There is a lot of wiggle room in the law for everyone, and particularly with cookies. Now we've have had the "cookie directive" in the past that required sites to forewarn us they collect cookies. Sites across the world have just gone for the same, dare I say, "cookie cutter" approach of a pointless statement we have to "ok" to keep on reading.

I have to be honest -- I see nothing in GDPR that will reform this. Let's be clear. GDPR and the ICO's interpretation of the law is that sites need a user's consent to collect cookies on them. However, this can be "implied" consent. 

The ICO guidance is very clear. As long as you tell someone you use cookies and what they're used for and allow them to show a sign of acceptance, all is good. Sounds exactly like what we do today, doesn't it? Publishers may need to add a line about helping them to tailor their online experience, but other than that, there's nothing in there to fear. 

However, as ever, GDPR comes with a caveat. The ePrivacy Regulation will replace today's PECR, which regulates electronic marketing. It is drafted, thus far, to bring in device or browser-level refusal of third-party cookies. The new Regulation was supposed to become law at the same time as GDPR, but has been delayed for a year -- or more likely, at least two. 

Which is what brings us back full circle to that earlier observation. Around 60% of marketers feel the cookie will have crumbled by then anyway, no doubt due to mobile's dominance and the ability for a simple command to always block third-party cookies on any browser.

So, marketers who are concerned about cookies and GDPR can see why they shouldn't be straight from the horse's mouth at the ICO here.

That isn't to say the cookie's days are numbered -- but just to point out they're already on their way out anyway, thanks to mobile browsing, and what's left of them will be all but killed off by the ePrivacy Directive in a couple of years.