Not buying or licensing Google's technology in 1998 In 1998, Google's two young co-founders approached Yahoo when they were making the rounds for backing in Silicon Valley. According to a book written by John Battelle, that opened the door to an investment, licensing deal or an outright acquisition of the duo's technology. But Yahoo (and other major players) weren't interested. Turning to Google for search results in 2000 Two years later, at the height of the first .com boom, Yahoo saw that search was becoming far more important than it had anticipated and it looked to third parties for search technology while it worked on its own. One of those third parties was upstart Google, which it struck a deal with to power search on yahoo.com. That deal, of course, was far more favorable to Google than any deal would have been in 1998. Paying billions for Broadcast.com in 1999 While Yahoo's 1999 acquisition of Broadcast.com for $5.7bn didn't kill Yahoo, it is arguably one of the worst-timed acquisitions in tech M&A history, and one has to wonder how the ill-fated acquisition impacted Yahoo in subsequent years. Not buying Google in 2002. According to reports, Yahoo had the opportunity to purchase Google for $5bn in 2002. Although that price was high for Yahoo in relation to its own value at the time, it would prove to be the last chance Yahoo would have to acquire Google. It didn't, and the rest is history. Failing to take full advantage of its Overture acquisition Google AdWords may be the king of pay-per-click advertising, but the model was pioneered by Overture, a company Yahoo acquired in 2003 for $1.4bn. As part of a patent lawsuit settlement, Google obtained a perpetual license to a key Overture patent that would spell trouble for AdWords. The price: 2.2m shares of Google stock. While there were questions about the legitimacy of Overture's patent, and some suggested it would be found to be invalid, in retrospect, Google got a bargain of a settlement. Hiring Terry Semel as CEO Some consider Yahoo's second CEO, Terry Semel, the worst tech CEO in history. While that may not be entirely fair, one thing is hard to dispute about Semel's reign at Yahoo: with his total compensation pegged at some $500m or more over his tenure, he has done far better than the company he ran. Botching the Flickr and Delicious acquisitions While there's no denying that Web 2.0 upstarts Flickr and Delicious wouldn't have saved Yahoo, the company's failure to manage the assets it purchased, particularly given its built-in audience, represented another huge missed opportunity that could have helped Yahoo find its way on the modern internet. This excellent article from gizmodo looks more deeply into this. The restrictions on Flickr's mobile development is a particular missed opportunity, opening the door for the likes of Instagram.  Not buying Facebook If watching as its Flickr and del.icio.us acquisitions stagnated or went south wasn't bad enough, Yahoo's failed attempt at acquiring the social networking behemoth adds insult to injury.   As the story goes, Yahoo was nearly able to acquire the popular social network in 2006 for $1bn but due to a faltering stock price, Yahoo lowered its offer to $850m, allowing Facebook CEO Mark Zuckerberg to walk away from the deal. This Friday, Zuckerberg and company will take 900m-plus user strong Facebook public at a valuation exceeding $100bn. Rejecting Microsoft's buyout offer Yahoo has made plenty of bad moves in acquiring (or not acquiring) other companies, but its crowning failure was its handling of its own potential sale. In 2008, the Redmond software giant, eager to compete with Google, was willing to pay $44bn for Yahoo, but thanks to what many considered gross incompetence, Yahoo's board rejected the offer. Today, Yahoo's market cap sits at just below $19bn. Partnering with Microsoft Months after having failed to make it to the altar with Microsoft, the worst financial crisis in decades hit. Steve Ballmer, Microsoft's CEO, must have breathed a sigh of relief and he capitalized on his luck by inking a partnership that gave him most of what he wanted without having to buy Yahoo.   While this deal may have been a convenient way to turn back the hands of time for Yahoo, at least partially, it was a far better deal for Microsoft, and didn't help Yahoo answer any of the fundamental questions crucial to its future.

The e-Privacy Directive Before I go any further, I must point out that the Directive covers more tracking than just cookies. In fact, it includes most types of tracking that track the individual at a personal level. The regulations (and the need for them) show marketers that there is a perceived lack of transparency and trust surrounding tracking used on the internet and what data is used for. It is this lack of transparency that needs to be addressed, regardless of the technology used to track the individual.  Modern internet marketing can be a sophisticated beast, focused on delivering the most relevant content and best experience for the user. The problem is, the majority of the general public may not realise this, in fact some might view marketing tracking as some sort of dangerous spy software, poised to sell you something, when you are least expecting it. And even if they don’t see the way they are tracked as particularly intrusive, do they understand how tracking is benefiting them and helping to improve their experience on the web? Information is the key. The clearer you are about how you plan to use data and the more accessible you make this information; the easier it will be to educate the internet user, and the more “informed consent” could be implied. What about email? For almost as long as email marketing has been around, marketers have been tracking the opens and clicks of the campaign recipients. They have also more recently been using post click tracking to inform the success of the campaign, either using third party solutions such as Google Analytics or solutions served directly from the website domain. Because of this, some of the tracking used in email marketing may be affected by the directive.     That said, email is different from web visits, as the recipient has requested the email communication from the marketer. However, this “difference” does not exclude email tracking from the regulations, and give the marketer “carte blanche” to use the data for all forms of use. It’s fairly safe to say that most people, who sign up for marketing emails, will have some expectation that what they open or click will be tracked by the organisation sending them. It would also be safe to say that they would expect you to be doing this to track campaign performance, as well as to ensure the campaign delivery.  This can all be taken as a given, as long as the information required by the recipient, is readily accessible from the data collection point, and written in a clear manner. It also follows that if the use to which the tracking and data is being put goes beyond that which the recipient is likely to expect or understand, a higher level of information and consent would be required. This is not quite as onerous as it sounds. As email marketers we always obtain consent before we send marketing emails anyway. The initial sign up process is an ideal place to engage with the potential recipient and offer information on data use and tracking. The DMA, in conjunction with the IAB, have recently issued guidance that sets out a number of opportunities to comply with the regulations. Various studies recently indicated a clear link to the privacy policy and transparent disclosure actually makes people feel better about signing up for marketing emails. So, for the email marketer, the new regulations should be seen as another opportunity to build trust with customers, not a barrier to business. For consumers there has always been a love/hate relationship with direct marketing. When we get it right, and deliver relevant and timely material, they love us; when we spam, they don’t. It’s up to the marketers now to inform their customers about the efforts they go to deliver more of what the customer wants, and less of what they don’t.

The cookie misnomer Everyone is talking about the run-up to May 26, when the ePrivacy Directive will begin being enforced by the Information Commissioner in the UK. The attention paid has been impressive, and we know that significant companies are taking critical steps behind the scenes. But we need to flag a problem.   Somehow, the term ‘cookie’ has crept into the conversation like an insidious little worm, eating its way into headlines, distracting the market and potentially sending well-intended companies sprinting in the wrong direction during this critical last stretch.  To be clear, we’re talking about compliance with the amended e-Privacy Directive. The portion of the Directive that applies to cookies is in fact written much more broadly and requires consent for non-essential tracking, regardless of whether or not a cookie is involved. Yet we hear the Directive referred to as the ‘Cookie Directive,’ and the ‘Cookie Law.’ Companies have sprung up selling ‘Cookie Solutions,’ and providing ‘Cookie Audits.’ We have fantastic new ‘Cookie Policies’ and detailed breakdowns of the functions of each cookie.   All of this is helpful in as much as it moves the ball incrementally forward. The danger is that our choice of words can end up putting horse blinders on our approach to compliance.  Cookies, tags and trackers As a lens through which to view tracking activity on your own site, a focus on cookies, to the exclusion of other technologies, is both incomplete and exhausting.   Tags are the central tracking element, not cookies. Many companies track the consumer using an alternative technology, like a flash object. In addition, an emerging class of trackers are beginning to use technologies like device fingerprinting.   These companies use tags, but do not leave behind any tracking object on the computer and as a result are typically invisible to web scanning technologies. Because of these gaps, a ‘Cookie Audit’ will frequently miss as much as 40% of tracking activity, a clearly unsustainable result for companies that wish to comply with the law. A complete dump of all cookies set on a site can also quickly become overwhelming. One company can set one cookie or 12, there is no pattern. And a large organisation with a portfolio of domains, or any company with an ad supported site, can easily have 100 or more trackers, each setting one to 12 cookies.   500 or more cookies are not at all uncommon. Further, it is often impossible to distinguish the specific purpose of individual cookies, with their cryptic names and randomised values. We’re talking about a massive undertaking, and for what benefit? You need to understand who is on your site, and what they are doing with data. Not the particular differences between these two cookies (and yes, they are real): a)name: __utmc, value: 46026228 b)name: __utmb, value: 46026228.1.10.1330142291 It can be very helpful to know which cookies are being set, but the cookies should not be the focal point of your analysis, or you will spend hundreds of hours diving down rat holes with questionable returns.   Instead, you need to up level your assessment to the companies that are tracking the user. Each company has distinct attributes relevant to your assessment, including: The categories of information they collect. Their business model. Data retention policy. Whether or not they have a properly functioning opt-out. Whether or not they engage in online behavioural advertising. The types of tracking technologies they are using, including tags, cookies, and flash objects. Whether or not ALL of their tracking activities can be considered ‘strictly necessary’ under the Directive. All of this information should be rolled together into a clear position on whether or not each company requires consent. You can do this yourself, or you can work with a company like Evidon, but whoever you use, be sure you don’t find yourself lost in a maze of cookies.  Tracking activity and the consumer When it comes to the consumer, again, cookies should not be the focus.  It makes no sense to inform them of just the tracking activity that uses cookies.   Disclosures that leap directly into a breakdown of each cookie are replacing a problem created by legal geeks (privacy policies) with a problem created by real geeks (technical explanations of hundreds of cookies).   The inability of most people to comprehend the dense legal language in a privacy policy is one of top reasons we’re in this mess today, but at least privacy policies are written in English. You must engage the consumer in a dialogue about tracking that is happening on your site to comply with the law and that dialogue must be specific, but there is no reason to leap directly to the logical extreme. Again, they need to know who is tracking them on your site and what they are doing with data. Your priority should be experimenting with interfaces that simplify the presentation of this information as much as possible, rather than running a microscope over the particulars of each cookie.   When discussing cookies, be sure to provide context. Include the company behind each cookie, with links to more information about that company’s practices. In the EU, our clients will be deploying consent solutions that make it clear to the consumer that tracking is taking place, using visual tools like the orange bar and Cookie Consent button on the bottom of the page below. Step 1: Consumer visits site and reads about the tracking taking place as well as their options. Step 2: If the consumer clicks on the Cookie Consent button, they will have access to a breakdown of the categories of tracking activity, including Essential, Analytics and Customisation, and Advertising.   They can withdraw consent for the latter two categories of tracking, as they are subject to the Directive, or they can click an arrow to read more about the tracking in each category. Step 3: If they click an arrow, they will see a list of the companies tracking them in each category along with the purpose of their tracking and can withdraw consent from individual companies. When taken together, these tools allow a company to have comfort that they have acquired the implied consent of the consumer. With all of this said, I want to be clear about the importance that cookies play as a part of your compliance game plan for the ePrivacy Directive. But do yourself a favour and strike any reference to the ‘Cookie Law.’  I still haven’t seen a copy of that law.

Following the revelation that Thompson did not receive a computer science degree, as he had claimed on his resume, Yahoo found itself in the spotlight. One member of the Yahoo board of directors, who was on the search committee that hired Thompson, resigned, and angry shareholders were threatening to take legal action. The situation came to a head yesterday when Thompson agreed to step down as CEO of Yahoo. According to one report, Yahoo will say that the resignation was part of a termination for "cause", allowing Yahoo to part ways with Thompson without paying him severance and delivering some $6.5m in restricted stock units. According to another report, Thompson agreed to resign after learning that he has been diagnosed with cancer. While there's more to this story to be written, the big questions now are how interim CEO Ross Levinsohn will manage Yahoo's affairs. Levinsohn, who has been at Yahoo since 2010, is best known for his role as President of Fox Interactive Media. Some to suggest that his background could lead him to pursue a more advertising-focused direction for Yahoo as opposed to the commerce-centric direction Thompson seemed to be taking. There are also questions as to whether Levinsohn could seek to reverse Thompson's aggressive patent strategy, which saw Yahoo sue Facebook in a lawsuit that has been a PR disaster for the once-great internet giant. It will probably take a while for everything to play out. Levinsohn is Yahoo's interim CEO, and while he's obviously a viable candidate to take over the position permanently, don't be surprised if Yahoo's board of directors, which itself will be changing quite a bit, takes the appointment of Yahoo's next CEO slowly, if for no reason other than to give the appearance that it's being more careful about who it hires as the company's chief. In the meantime, one thing is for sure: Yahoo may have solved the problem of a CEO with a bad resume, but it still hasn't solved the problems that Scott Thompson was hired to try to fix.

Cookie confusion There is much discussion of cookies thanks to the e-Privacy Directive, and one thing that comes from the various surveys is the lack of understanding of what cookies do.  In our recent cookie law survey, 40% said they believed cookies were bad for the web, while a recent IMRG study found that 33% thought they could be used for viruses and trojans.  This IAB study reveals a similar level of misunderstanding. Though half of the respondents said they had deleted cookies in the past six months, a lot of them didn't know what they were.  Of the 64% of people who said they knew what a cookie is, only 57% actually chose the correct definition from the options shown to them (in our recent survey, 69% said they knew what a cookie is).  This means that 39% of people who deleted cookies in the last six months did so without correctly knowing what cookies are and what they’re used for. Do you know what an online cookie is and why websites use them? This further underlines the issues facing websites looking to comply with the e-Privacy Directive and persuade customers to give their consent. If most don't even know what they are, how can they make an informed decision, and will they trust the explanations provided by online retailers?  Attitudes to online advertising 52% of consumers are happy to see online advertising because it allows them to view content or use services online at no cost. 61% expect that a large portion of the web would disappear without the advertising revenue that is needed to support it.  It's good that a majority appreciate the importance of advertising though it seems the other 39% expect free content while failing to appreciate how it is provided to them.  Customers also want control, 45% want to control the ads they see online, while 40% want 'easy access' to the information that is being stored about them.  Relevant advertising This is a point on which marketers and consumers agree. Web users don't want to see irrelevant ads, and advertisers want to deliver their content to a receptive audience.  55% said they would rather see online advertising relevant to their interests and 59% would prefer a lower number of relevant ads than a higher volume of irrelevant ones.  This is where cookies are vital, and the e-Privacy Directive will actually work against consumer wishes in this case.  This is because, according to our recent survey, the very cookies that store information which is used to improve the relevance of ads are those that consumers are least likely to consent to.  Just 21% are happy to consent to cookies which are used to improve ad relevance, and 17% for those used to target them on third party sites.  What kinds of cookies would you be happy to consent to? If consumers want more relevant ads, and free content on the web, the price is to provide enough information to allow this to happen. People are happy enough to share plenty of details and photos of their personal lives on Facebook. The information stored on most cookies is nowhere near as personal.  Image credit: mollybob via Flickr

The survey results Here's a summary of the key findings from the survey. The results broadly match those found in our recent consumer survey, though we didn't ask consumers whether they thought the directive was good for the web, as we thought it would be too tricky to explain succinctly. I do wonder about the 89% figure. Were consumers told about the potential threat to online businesses, and their own user experience, or simply that is was a law designed to improve privacy online?  75% of the 2,000 consumers surveyed have not heard of the new EU cookie directive. Of those that had, only 16% were truly aware of what changes would come into effect on May 26th.  After being told about the directive (wonder how long that took to explain?) 89% of those surveyed felt that it was positive for consumers and 79% agreed that the changes were needed due to the lack of public knowledge about cookies.   23% are happy for websites to use cookies to improve their browsing experience, which is the same number who said they would be keen to opt-in in our survey.  Are marketers and consumers that far apart?  While the difference between the views of the consumer and the marketers we surveyed may suggest that the latter are not listening to customer concerns, I think there is more to it than that.  For one, the 82% of marketers who believe the cookie law is bad for the web do not necessarily disagree with the 'spirit' of the directive, just the ham-fisted way in which it has been applied.  This is a typical comment from our survey:  While I'm all for protecting privacy, the bit of this directive that applies to cookies has been ill thought out and even more badly applied, by someone who doesn't understand the technology. Rather than try and analyse what cookies are actually intrusive, they've just 'banned' the lot!  Are you concerned about your privacy when browsing and buying online?   In short, nobody really objects to consumers being informed about the information that websites take from them and how they use it, but the directive and its implementation will possibly hinder this process.  Public perception of cookies It's clear that users need to be educated about cookies and what they are used for, as there are many people who seem to view them as something to be feared.  33% of those surveyed by IMRG believed that cookies could be used for viruses and Trojans, while in our survey 40% said they thought cookies were bad for the web.  This is a big problem for online businesses, as many people are likely to opt-out of cookies for the wrong reasons, and this is a real threat to online businesses.  I'm all for consumers being given the information they need to make an informed decision about cookies, and if websites make cookie and privacy policies more prominent and informative as a result of this, that's no bad thing.  At Econsultancy, we have made our privacy and cookie information more prominent, and users of our site can see exactly what information we gather and why. After reading this, users can make their own decisions about whether to block cookies using their browser settings.  If the demands of the directive stopped at this point, I think there would be very few people who would argue with it.  The problem is that the demand for overt and informed consent means that, if websites comply, users will begin to see all sorts of scary messages about cookies associated with words like targeting and tracking.  Since many already see cookies as a bad thing, many are likely to say no without actually thinking, while others will just be irritated by interruptive messaging and abandon the site. Thus online businesses lose sales and revenue, while the customer is no more informed than before.  According to Lovehoney E-commerce manager (and now TV star) Matthew Curry:  Many people don't understand the technology, and the Cookies = Evil message implied by the directive is just going to make it worse. Try explaining to your average user what an affiliate is, or a session, or MVT. It's not going to work. This HAS to be a message about privacy, and being open to your visitors about what you do in the simplest language possible.  Will the cookie law make the web safer?  Really, most consumers have nothing to fear from cookies, and they do much to improve the user experience.  Do analytics cookies do users any harm? No, they don't store any personally identifiable information, and actually allow websites to improve by learning from usage patterns.  Of course, cookies used for ad targeting are likely to be the most objectionable to web users. The words targeting and tracking conjure thoughts of Big Brother, but all they do is improve the relevance of advertising for the average user.  This is no bad thing, and people are free to ignore ads or even use adblockers to get rid of them.  I can see why people object to retargeting, and it is techniques like this which may have triggered the update to the PECR.  Then there's the point that cookie consent pop-ups hamper reputable businesses while doing nothing to safeguard consumers against dodgy sites.  This point has been well made by Martin Belam:  One of my biggest concerns with the new emphasis on gaining consent for placing cookies on a user’s computer is that it means mainstream sites and businesses will spend the time and effort to make systems that will interrupt the browsing experience, whereas those that are planning nefarious activities won’t bother. Ironically the legislation will make the user experience of sites that mean you and your data harm smoother and easier than the user experience of sites that are being responsible about cookies. Publishing and online ad revenue We all know about the problems that many publishers are having as offline ad incomes shrink, and if newspapers are to keep their content free for consumers, then they have to make money somewhere.  Of course, some take it too far with pop-ups, interstitials etc, and spoil the user experience, but not every site. However, if users want free content by quality writers, then they have to be paid somehow, and ad targeting is one such method. Martin Belam made this point in the comments of a Guardian article on cookies, and there wasn't much sympathy for his opinion: I must say that on a personal level it always dismays me the number of people who are happy to come onto the Guardian site, where we rely on commercial components to pay for the journalism, and then use our free commenting platform to recommend that people use AdBlock, or disable the analytics scripts that are the only way we can measure usage of the site to prove the worth of it to advertisers. It basically says ‘I’ll have your news for free thanks, and I don’t even want you to be able to generate the money it has cost you in bandwidth and storage to serve the page - let alone pay for the reporting.’ Is it possible to have an "unobtrusive and customer-friendly cookie notification process" as the IMRG suggests?  I'd say it's tricky. It's well documented that any barrier to the user's progress through a website, such as compulsory registration, increases the likelihood that customers will abandon.  Therefore even the most cleverly worded and well designed cookie consent mechanisms, such as BT's, will inevitably cost some sales.  Belron's Craig Sullivan sums this up:  We run many millions of tests every month on our sites.  We know from experience and testing, that interrupting people with a new opt-in interface or a 'Halt' message will actively harm both the user experience and our business.   European companies implementing a full opt-in user interface will find two things. Firstly, that their conversion rate drops and secondly, that their ability to use customer tracking reduces their ability to improve their site.   In conclusion... The results of this survey highlight consumer concerns about privacy, but also the difficulties that websites will face if they are forced to ask for consent to set cookies.  It's possible to have an unobtrusive and consumer friendly cookie notification process if solutions such as Econsultancy's and those adopted by John Lewis are considered to be acceptable.  I appreciate that the ICO is in a difficult position and is trying to take business concerns into account while attempting to take the directive seriously, but the lack of clear guidance has caused much confusion among online businesses. We're a few weeks away from the 'deadline' and, short of carrying out cookie audits and enhancing privacy policies, most are still unsure how to comply.  It seems that the ICO, which doesn't know what compliance is, will consider this to be enough in most cases (at least for analytics cookies) but how this will apply to other cookies remains to be seen.  However, if strict consent is forced upon websites, then users and businesses will suffer for very little gain.  That said, I think very few businesses will 'fully comply' unless the enforcement of the law after May 26th leaves them no alternative. Let's hope common sense prevails.    (Our report, The EU Cookie Law: A Guide to Compliance, explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and includes examples of how websites can gain users’ consent for setting cookies. Do check it out.)

According to Oracle, Google effectively copied 37 Java APIs into its Android operating system, and this represented copyright infringement. The jury, which agreed, was instructed by the judge in the case, William Alsup, to deliberate with the understanding that the structure, organization and sequence of the APIs was copyrightable in the first place. He may yet decide as a matter of law that this is not the case, but if he doesn't, the future of the API may be a lot more bleak. As Wired's Robert McMillan details, disputes similar in nature to those being litigated in Oracle v. Google could abound due to the fact that APIs are often imitated, if not duplicated. He points to the cloud, where high-profile projects like OpenStack seek to "mimics" Amazon's AWS APIs. If APIs can be copyrighted, OpenStack and similar initiatives could find themselves in dangerous territory legally. Particularly disconcerting is the fact that a European court ruled that APIs are not subject to copyright. If courts in the United States, however, take a different approach (for reasons sensible or not), it will likely create a complicated, confusing environment for the countless companies that have created and/or use APIs that are crucial in everything from operating systems to popular internet services. What's more, as McMillan points out, is that copyright lasts a long time -- 95 years -- as opposed to 20 years for patents. So if you think that the patent wars are bad, the copyright wars over APIs could be even worse. The question now is whether a single court in the United States will open up Pandora's Box, and if it does, how many companies are, as Oracle apparently is, willing to embrace what's inside.

I asked the DMA's Mark Brill about the issue of mobile and cookie consent:  What are the unique challenges for complying with e-Privacy guidelines on mobile when compared to desktop?  As convergent devices mobile, and smartphones in particular, cut across many channels and technologies. Whereas desktop is largely concerned with browser based cookies and email tracking, in mobile we also have to consider apps and other tech channels. Mobile is both a personal and unique device, so brands need to take particular care around user permissions in this channel. Online businesses are concerned about bounce rates caused by consent mechanisms, but surely this is an even bigger problem on a smaller mobile screen?   Besides simply the screen size, there are many UX issues with mobile. Touch interactions, location and even user intent make mobile quite a different experience. Concern with bounce rates from pop-ups is completely understandable, but there are many mobile UX solutions yet to be explored. The BT permissions slider is an example of something that might work well on mobile, but hasn’t yet been tried.  In the white paper we’ve mentioned the use of short form versions of cookies policies which can be used in apps and mobile sites. There are few great examples of brands executing mobile web well, so there is a lot more that can be done to create a good user experience. They therefore need to explore new ways to get consent on the mobile web. The problem of obtaining consent for cookies on mobile devices Essentially, the problems are the same as for desktop, but trickier thanks to smaller screens and the number of different devices. In a recent Econsultancy/Toluna survey, just 23% said they would happily give consent to online cookies. It's likely to be much less for mobile.  Brands have been working hard on their multichannel strategies over the past few years, and now retailers like John Lewis and M&S offer ease of access and purchase across different channels.  If I've already given consent for the retailer to use cookies on my laptop, the directive and guidance says I need to go through this again when I use the mobile site.  This potentially places a spanner in the works of a retailer's multichannel strategy, and the same principle applies for users switching between work PCs and laptops at home for instance.  As the customer switches between devices they will see the same consent messages, which could becoming annoying, as the customers sees only one retailer asking them the same question again and again.  There is little retailers can do about this, unless customers log in every time they visit.  Mobile cookie consent and the user experience As on desktop, there is, as yet, no browser-based solution to consent, so until (hopefully) the browser firms ride to the rescue, there is a real threat to the mobile experience.  If firms are forced to strictly comply and actively seek mobile users' consent for cookies, it's easy to see how the poor experience could decimate mobile sales.  Pop-ups and intrusive messages are a pain on desktop sites, but you can multiply the annoyance factor by about 20 if you apply these to mobile sites.  For example, BT's slider too is an excellent method of informing users about the cookies that are being used and allowing people to opt out of certain categories, such as cookies used for targeting.  It needs to be relatively detailed in order to provide the information and the cookie settings options, but it's hard to see how this could be applied to mobile.  At the moment, it's impossible to change settings on mobile (at least on iPhone), but even if the slider actually worked, you can see how fiddly it would be to alter settings.  Options for gaining consent for mobile users Mobile messaging For SMS and MMS, as there is no information stored on the user's mobile (their terminal device), this does not fall under the regulations.  Mobile websites Landing pages for consent The only way to gain consent, strictly speaking, is to direct visitors to a landing page, where users can be asked to give consent for cookies. After giving consent, they can then be sent to the page they wanted to go to in the first place.  Obviously, this will be annoying for customers. After seeing a page they didn't request, then having to fill in a form or answer a question before they can head to the site, many will undoubtedly abandon.  Speed is vital for mobile sites, and anything that means more pageloads will be bad for business.  Consent through registration For repeat and engaged customers, this may not be a problem. Registration does generally make mobile purchases easier, as it allows for saved billing details, but for new customers, compulsory registration could be the kiss of death.  We have plenty of stats, with reference to desktop, that making people register before checkout is a conversion killer. Indeed, ASOS recently halved its abandonment rates by removing this step.  It is fair to assume that compulsory registration is as big a barrier for mobile commerce as it is for desktop. In fact, it's likely to be worse.  In this case, strict compliance would mean asking users to register before they visit a page on the site.  The only e-commerce site I have ever seen ask for registration before even adding products to the basket is Playmobil, and that site is nuts...  Asking new visitors to register before browsing the mobile site would be absolute madness, and therefore very few (if any) retailers will do this.  Implied consent Though not strictly compliant, this is the only real way to inform users about cookies without destroying the user experience.  It's what we have done on our site, by adding a more prominent link to our cookies and privacy policy and providing detailed information on the information we store and why.  If after viewing this, users wish to opt out, they can do so via browser settings.  In a similar way, mobile sites could add a more prominent link and send those that click on it to more information and, if they do want to add a consent question, this could be placed within this cookie policy page.  This means that those who want to opt out are able to do so, but it doesn't harm the user experience for others.  Also, companies would be able to argue that they have provided this information and given them the option to view further detail.  Indeed, in a recent interview with the ICO's Dave Evans, he did think that implied consent would be acceptable, in some cases at least.  Mobile and web apps Since the user is actively downloading an app, the problem of consent is simplified.  According to the DMA's white paper:  While mobile native apps are not referred to specifically within the Regulations, they would be relevant where apps set cookie or other tracking technology on a user’s mobile handset, and are used by the marketing organisation to access information on the handset.  For new downloads of apps, the user can be asked to agree to a set of terms and conditions when downloading the app or when first accessing it.  This is much simpler than for mobile websites but, since the average user is unlikely to read T&Cs, it doesn't necessarily achieve what the EU directive sets out to do i.e. improve consumer awareness of privacy issues.  It gets trickier for existing users of apps, as they will not have given consent when downloading, and therefore they may need to agree to an updated set of T&Cs.  QR and barcode scanning According to the DMA white paper, the act of scanning a code does not fall under the regulations, nor does delivering a barcode, such as a ticket, to a user's handset.  However, it is unclear whether a QR code which sent users to a landing page would be affected. In theory, if they land on a mobile site, that site would then need to gain consent.  Obviously, this wouldn't help to improve the success rates of QR campaigns. NFC / contactless payments  It's early days for NFC and though the ICO hasn't produced any guidance, it does fall under the regulations. According to the DMA: Positive consent to the use of cookie or other tracking technology should be obtained before the first time the user accesses the file or app on the handset. In conclusion Just as for desktop sites, the cookie law is a headache for mobile marketers and those forward-thinking retailers that have developed mobile commerce sites and apps for their customers.  Since creating a great user experience is more of a challenge for mobile sites and apps, this EU directive presents a real threat to mobile commerce.  We have seen rapid growth in mobile commerce over the last few years, and there is still plenty of room fur further growth.  There are also plenty of barriers to providing a great user experience on mobile, such as fiddly checkout processes, variable mobile internet connections, difficulties in catering for different devices etc.  If strictly enforced, the EU 'cookie law' would severely hamper the user experience on mobile and restrict sales through this channel.  For that reason, I would be surprised if any retailer adds consent mechanisms like those outlined above to their mobile site, unless they absolutely have to.    I'd love to hear your thoughts on the cookie law as it applies to mobile marketing, especially the steps you intend to take towards compliance on your own and clients' mobile sites and campaigns... (Our report, The EU Cookie Law: A Guide to Compliance, explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and includes examples of how websites can gain users’ consent for setting cookies. Do check it out.)

That could be good news as the company begins to monetize its impressive audience, but keeping some of the money it earns might be difficult if adult publisher Perfect 10 has its way. The company, which made a name for itself in the tech community by engaging in a high-profile battle with Google over the use of thumbnails of its photographs in the search engine's index, filed a lawsuit against Tumblr on Friday alleging copyright infringment. According to Perfect 10, the company ignored its DMCA requests to remove user-posted photographs Perfect 10 claims are its property. paidContent quotes Perfect 10 CEO Norm Zada as suggesting that Tumblr is essentially asleep at wheel. I’m not sure anyone’s checking that email. Twenty-five other Internet Service Providers have taken down material that Perfect 10 has identified in our DMCA notices, Tumblr did not. As paidContent's Jeff John Roberts notes, Perfect 10's lawsuit against Tumblr could be an interesting one. While copyright infringement lawsuits are nothing new (just look at Viacom's landmark YouTube lawsuit which continues to drag on), the action here is one of the first targeting the latest generation of image-centric services, which include Tumblr and Pinterest. Tumblr's defense will almost certainly be that it's protected under the DMCA, and we do know that it has responded to trademark infringement requests in the past, albeit in a fashion that may have been too generous to the trademark holder in question. But Perfect 10 isn't just claiming that Tumblr has failed to adequately deal with its takedown notices, it's arguing that Tumblr employees actually posted Perfect 10 content themselves "to help start the business." If Perfect 10 is able to prove this claim, Tumblr could lose the protections the DMCA affords service providers. Obviously, it's far too early to jump to conclusions, and you can be sure that Tumblr's side of the story will differ from Perfect 10's. But this lawsuit is a good reminder that contentious, long-standing issues around copyright infringement still remain, and some of the original players in bringing them to the forefront are still as willing as ever to take action when they think they've been wronged. There are no easy answers here, but savvy startups will probably decide that a proactive stance is appropriate. Case in point: Pinterest, which has come under scrutiny itself, is attempting to address legal concerns in a fashion that doesn't completely destroy its service. Whether that works or not only time will tell, and Perfect 10's Tumblr lawsuit could have a big impact on some of today's hottest startups if the matter isn't settled amicably.

How does it work? Email appending is the process of using a third party email list and implementing some sort of matching criteria (present on both your own and the third party data list) to link an email address to a person on your database. It is a process that can be fraught with issues, the first of which is the matching criteria. You really need to make sure you match as much criteria as possible to ensure the person you are matching against is who you think it is. For example, if all you have is J. Bloggs living at a certain address, but at that is address is a Joe Bloggs and Jane Bloggs, how do you know which one is your subscriber? The more information you have the better (age, gender), so you can be sure you are adding the right users to your list. The next step is ensuring the emails you end up with have the correct permission to allow you to email them. The ICO (Information Commissionaires Office) recommends permission to use data that has been gathered for third party use, should have active “opt in” consent, not “opt out” implied consent. In fact, the ICO also states in its advice to marketers: One of the most frequent comments made in complaints we receive is… Where did they get my email address or mobile number from? I certainly didn’t give it to them. 2011 regulations by the EC Directive suggest: You may wish to send a ‘low-key’ message explaining where you have got their details from and double checking whether they are, in fact, happy to hear from you in this way. You could not assume consent from their failure to respond. The data quality issue It’s this “failure to respond” that puts the biggest strain of the credibility of the process. Regardless of the legalities, using an “opt out” introductory email will inevitably lead to you having people on your database that don’t want to be there. If you consider the numbers, in any campaign you are only likely to get a 20% open rate at best. Even if you do this three times, you are only likely to have been exposed to 30% of the match file. This means that under an opt out regime 70% of your match list will not have signed up to be on your list. This is bad news for two key reasons: It can damage your brand credibility. It can negatively affect your list deliverability and inbox placement due to complaints. In fact, some email service providers refuse to accept appended email addresses due to the issues they cause. I know this all sounds negative, but let’s face it, there’s really nothing wrong with appending an email address to your client list, as long as the recipient wants to be there and has indicated as much. And as an email marketer, you wouldn’t choose to damage your brands reputation, nor would you sacrifice inbox placement on purpose. So you need to consider carefully what the objective of the exercise is.  Is it worth it? If you are looking to enrich your database with valuable active subscribers that read your emails, the only way to accomplish this would be to encourage them to opt in. It’s going to be more expensive than taking everyone who doesn’t opt out, but the data will also be more valuable. And this brings us to what the whole point of the exercise is, how much is it really worth spending to get this email address? If, by appending this email address, you will obtain more business from the customer, how much business are we looking at? Alternatively, if the object is to save money over more expensive media, how much are you looking to save? Once you have the answers to these questions, you know how much you have to spend on acquiring a responsive and recent email address. It might justify a web based competition, or direct mail campaigns, or even a customer services phone call for your really valuable customers. Whichever way you choose to go, a live, responsive, email address is the only one worth obtaining.