12 February 2016
This January Voxter conducted a simple desk research project, analysing 200 leading UK market research agencies* to see if their publicly accessible websites comply with EU data protection (the ‘cookie law’).
71% don’t, including some very big names.
The reason for this exercise was to measure standards in market research, where awareness of data protection is high, and where sensitive handling of data is paramount for valid research, compliance, and trust.
To be clear, this survey is not about agencies’ core research methods, it is about how websites gather data, and how websites with a responsible attitude to this can foster greater trust in their visitors.
Big data and privacy is a huge issue in the online world, and of great concern to the public - a 2015 poll by campaign group Big Brother Watch found that 58% of the UK public said that ‘companies should never gather personal data unless they explain why and I specifically give my permission each time’.
The salient point here is that EU law came into force in the UK in 2011 that requires websites to tell people about the data (usually as cookies) they collect. The ICO says:
You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent can be implied, but must be knowingly given.
85% of the websites we examined collected cookies of one type or another. 90% of these use Google Analytics (GA) to track user visits, which is a market research tool for you but also for Google. A savvy web user could remain reasonably anonymous, but many people have large amounts of quite granular, personal data stored by Google - GA can already give you demographic and affinity data on web users, as well as location, device and so on. It also extends Google’s knowledge way beyond users’ search history, to a more and more extended browsing history.
Given the nature of the information obtained about people on websites, and the obvious parallels with the research industry, we think it’s best practice to comply with this directive, as web users get ever more suspicious of data harvesting online.
*Our sample included all agencies listed on the MRS website as Company Partner Full Service Agencies whose weblinks functioned on 19 January 2016.