The so-called “Cookie Law” came into effect on 26/05/2012.
So, what are cookies? They are small text files placed on your computer by the website you are viewing. They are used by the owners of that website for various purposes:
- Analysing their web visitors and what they do on the site.
- Managing on-line shops (eg, remembering what’s in a visitor’s “shopping basket”).
- Personalising the way the visitor sees the website (remembering preferences).
- Tracking the online behaviour of the visitor to target advertising.
And what is the new law about?
It says that a website must seek “informed consent” before placing cookies on a visitor’s computer. This implies that the site must explain what cookies it sets and what their uses are (to ensure that the consent is “informed”), and that the user must agree to the cookies being placed (the “consent” part).
How will websites comply?
Aah, now it gets difficult. It’s been estimated that only about 5% of sites that need to comply have done anything about it. This is probably because no-one wants to use the most obvious solution. This is the introduction of a popup window explaining about consent and requiring the user to click on a button, thereby granting consent to place cookies. It would seem that everyone is watching everyone else to see who comes up with a better way of dealing with this.
And why is it stupid?
It will alienate web visitors rather than help them. They have to click to confirm acceptance of cookies EVERY TIME they visit a site. This, of course, could be repeated dozens of times a day as the visitor goes to different sites.
It’s about as blunt a tool as you can imagine. You won’t get to choose which type of cookies you accept or what the website can do with your cookies or anything like that. It’s simply a question of the website saying (in effect) “if you want to use this website you’ll have to agree to accept ALL the cookies I place on your computer”.
No-one’s going to take the slightest bit of notice of the information that websites will have to provide to ensure that consent is “informed”. Do you EVER read the “terms and conditions” that you have to agree to before you can install/update software? Of course not. It won’t be any different with information about cookies.
There are better ways of dealing with the privacy issues connected with cookies. Settings in the browser (Internet Explorer, Firefox etc) are better placed to deal with cookies in a way that suits the individual user (eg, by deleting all cookies when the browser is closed, denying acceptance of “third party” cookies, etc).
Even the authorities appear to think it’s stupid
The government has said that their own websites do not conform.
The ICO (Information Commissioners Office) is responsible for enforcing the new law, but even they appear to be saying “don’t blame us, it’s not our fault” when they say “The Information Commissioner is responsible for enforcing the law, and can’t change the legislation which was passed by the EU, and later implemented by the Department for Culture, Media and Sport (DCMS).” (source).
There is evidence that the government is already trying to wriggle out of having to enforce this law by suggesting that all that websites need to do is rely on the idea of “implied consent” – ie, all the website owners have to do is – nothing. The ICO site says “Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.” The ICO guidance booklet states that “implied consent” can be inferred from the mere act of visiting a website and moving from page to page! Honestly. I kid you not. Page 7 says “For implied consent to work there has to be some action taken by the consenting individual from which their consent can be inferred. This might for example be visiting a website, moving from one page to another or clicking on a particular button. The key point, however, is that when taking this action the individual has to have a reasonable understanding that by doing so they are agreeing to cookies being set. “ Duh!
See this Guardian article for further information on implied consent.
Conclusion: Like almost everyone else, I am not rushing into ruining my website by forcing visitors to respond to popup messages. I am recommending to my own computer clients that they don’t spend time and money making their own websites compliant at the moment as the ICO have made it clear that they are not going to be fining anyone in the forseeable future.
If you get annoyed by such popups on other sites, please have some sympathy for the site owner: they’re just trying to conform to a stupid law introduced by the same government that brought us Pastygate!
And just in case you’re inclined to defend this law by saying it’s only the UK enactment of an EU Directive, then I suggest reading the Guardian article referred to above: it appears that the rest of Europe is not taking this Directive seriously.