Some reasons why your company/organisation should start using AI now!

AI built in to the heart of user interfaces

Within a few short years, some companies and organisations will have adopted Artificial Intelligence (AI) in at least one part of their work: interfacing with their customers.  (I’m using customers in the widest sense of the word: it could be students in education, or patients in healthcare for example).

Imagine the following:

  • Instead of having to log in to a website or an application, the application simply recognises the user’s face or voice
  • Instead of having to click on a menu to navigate the app, the user can just talk to it, either by speaking or using a chatbot type interface.
  • Instead of calling customer service (and being told “you are currently number two in a queue” or “Our business hours are 0900 to 1700 Monday to Friday, please call back during those times” ), they can get an immediate response (24 hours a day, 365 days a year) from a chatbot.

If customers have a choice between interacting with one organisation in that way, or another in the more traditional way, I think they will vote with their feet.

It’s a straightforward matter of economics

Course 6 (out of 10) of the Microsoft Professional Program for Big Data

As I continue on my #datascience, #bigdata and #ai journey, I am pleased to have just completed my 6th course on the Microsoft Professional Program for Big Data with 84%: Delivering a Data Warehouse in the Cloud.

There are 4 more courses left on the program, and I am still on track to complete the program by my target of the end of January 2019.

Like the EU, many EU country data protection regulators don’t show cookie notices either

(Post by Patrick Lee, 28 August 2018).

Further to my previous article on the EU and cookies, here is a link to a short video “The EU website has no cookies notice”.

This can be viewed as a curiosity if the EU updates its website to include cookie notices, so that it is in line with what many (most) businesses have felt they have had to do. And some – but by no means all – country data protection regulators.

So, what ARE the country data protection regulators doing about cookies?

https://en.wikipedia.org/wiki/National_data_protection_authority has a list of data protection regulators.

This is by no means an exhaustive survey, but from the ones that I have looked at so far:

Regulators with cookie notices on their sites

If you haven’t yet added cookie notices, you seem to be in good company (the EU …)

GDPR and cookies: I was looking for best practice

(Post by Patrick Lee, 26 August 2018).

I was trying to answer questions from an acquaintance about cookie notices, and I went looking for examples of best practice. So I visited both the UK Information Commissioner’s Office ( ICO) and the European Union (EU)’s websites. This is what I found.

The EU’s General Data Protection Regulations (GDPR) came into force across the whole of the EU just over 3 months ago, on 25 May 2018. As a result, many of you will have seen (and indeed before May) prominent cookie notices asking you to give explicit consent when visiting websites.

The ICO’s website: looks pretty good

This cookie notice is what you see, and very prominently when you visit the UK Information Commissioner’s (ICO) website for the first time (or after clearing cookies):

ICOWebsiteCookieNotice26Aug2018

The reason for this is that cookies can be used to record personal information. Under GDPR, (and this is from the ICO’s own guidance – the bold emphasis is mine):

Consent must involve some form of communication where the individual knowingly indicates their acceptance. This may involve clicking an icon, sending an email or subscribing to a service. The crucial consideration is that the individual must fully understand that by the action in question they will be giving consent.

In other words, the ICO is implying that users need to knowingly perform an action to give consent to cookies. And that is precisely what the ICO’s own website does via its prominent cookie control notice.

To me (and I should make clear that I am not a lawyer) the ICO website does indeed appear to be very much in line with the letter and spirit of the GDPR.

The EU’s website: a very different story

What about the EU’s website, europa.eu? Remember that I visited in the expectation of seeing an example of good, or perhaps best practice.

At present, the EU’s website, http://europa.eu doesn’t give visitors any notice or prominent indication that it is storing cookies on their device.

This is what you see the first time you go to http://europa.eu (or if you have cleared cookies). Notice as well as the absence of any cookie notice, the “Not secure” warning from Google Chrome. This seems to be because, unlike the ICO, the EU website does not (initially at least) redirect users to the secure version of their website (https://europa.eu):

EUWebsiteInsecureAsAt26Aug2018
If you click on English as your desired language, you then see (notice that the site has now at least redirected me to its secure version):

EUWebsiteAfterSelectingEnglishAsLanguage

There is no cookie notice, or prominent link to information about what cookies it stores and what their purpose is. You have to look in the top right or scroll right down to the bottom of the page to see links to Cookies and Privacy policy.

EU Cookies page says they “may” store cookies

The Cookies page says that they may use cookies (amongst other reasons) to record whether visitors have agreed (or not) to the use of cookies on their site.

EUWebsiteCookiesPage

Remember that the site says it *may* use cookies. What is it actually doing by this stage? If you are using Google Chrome, you can see which cookies a site is storing on your device by using Ctrl + Shift + I to bring up the developer tools. Then click on the Application tab from the top, and click and expand the Cookies link on the left and click on the name of the site you are visiting.

By this stage, I had decided to look at the site’s Privacy Policy page, and this is what came up:

EUPrivacyPolicyPageOnFirstVisit26Aug2018

So while the site’s Cookies page says that it “may” store cookies, or (at the top) “we sometimes place” (them) on your device, it has already stored 4 cookies. In fact it stored 2 cookies when I opened the home page, and the third, has_js, when I clicked on the link to use English as my desired language. The 4th, PIKIW_SESSID, appeared when I went to the Privacy Policy page.

The privacy policy page says that by default website visitors are tracked using cookies from Europa. Rather than (as recommended by the UK Information Commissioner’s Office guidance) asking for explicit consent (in other words, an explicit opt-in), notice that the EU has chosen to rely on an implicit opt-in, i.e. you have to untick the box to opt out:

By default, website visitors are tracked using the first-party persistent cookies from Europa. You may choose not to be tracked by Piwik (opt-out). If you change your mind, you can choose to be tracked again by Piwik (opt-in).

Notice again the PIWIK_SESSID cookie. That seems to be the tracking cookie that the EU is referring to.

Let’s try opting out

But what happens if you decide to opt out? Does the EU’s site do what it says it will do? When you first visit the Privacy Policy page, the Piwik cookie is stored on your pc. The privacy page says that you are opted-in to be tracked by Piwik, but that you can choose not to have a unique web analytics cookie stored on your device, presumably the Piwik cookie that has just been stored. So let’s try opting out by unticking the “you are currently opted in” checkbox.

The site now says that you have opted out, and has an extra cookie (piwik_ignore) to record that you have opted out:

EUWebsitePrivacyPolicyPageAfterOptingOut26Aug2018

The tracking cookie is still there …

But the PIWIK cookie (PIWIK_SESSID) cookie is still there!

Does it disappear when I go to another page on the site, e.g. the page on Personal Data Protection? No, the cookie is still there.

Perhaps it will go away if we close the browser completely and re-open it …

What if I close the browser completely and open it up again. Will the cookie have disappeared? Apparently not!

EUPrivacyPolicyPageAfterClosingAndReopeningChromeAsAt2013On26Aug2018

It’s not just Google Chrome: similar things happen if you open the site in a different browser, Microsoft Edge.

Conclusion

My conclusion? Again, I am not a lawyer, but I think it is not clear whether the EU website complies with the GDPR (its own regulations) at the moment:

  • there is no prominent cookie notice when you visit the site
  • you have to explicitly opt out of being tracked
  • even when you do opt out, contrary to what the site says, the same or very similar cookie that is used for tracking is still there.

(Article dated 26 August 2018). #GDPR, #EU #Cookies #Privacy