EU cookie law takes the biscuit

Those nice bureaucrats at the EU have been spending our hard-earned taxes again and have come up with another gem, this time about cookies.

According to this half-baked idea, all web sites must now ask for permission before setting a cookie on a visitor’s computer. Cookies have been around since the dawn of the internet as we know it, and typically they’re used to remember things such as whether you’re logged in to a site or the contents of your shopping cart, to track which pages you visit, and to serve advertisements.

Although the law came into effect on 26th May 2011, the ICO will not be “enforcing” the law until a year from that date. After that date you can be fined up to £500,000 for non-compliance, yes, half a million quid!

Exceptions

The documentation does specify that “strictly necessary” cookies are exempt and cites remembering the contents of a shopping cart as an example. However, not surprisingly, they don’t provide any clear guidance or useful examples of what may be “strictly necessary”, instead leaving us with a totally vague set of documents that are open to interpretation.

The only examples that can be deemed not necessary are instances such as tracking which pages a visitor views, or using cookies in conjunction with serving (3rd party) advertisements.

Getting permission

The ICO documents offer “solutions” for gaining consent, including pop-up windows and on-page text blocks with a checkbox so you can agree or disagree to cookies being set. That’s alarming: apart from everyone hating evil pop-ups, many people will totally miss the opt-in/out forms and wonder why web sites suddenly stop working for them. And worst of all, this could result in visitors leaving sites and a severe drop in sales.

As usual a law has been made by people who don’t understand what they are talking about.

If this were to happen in the real world…

Imagine going into a High Street superstore, but before you enter you’re stopped by a security guard who informs you that during your visit you will:

  1. be monitored by their CCTV system
  2. be watched by store detectives
  3. be targeted by in-store advertising
  4. have the details of any purchase you make used for statistical analysis

“Do you wish to enter our store?” says the guard. How would you proceed?

In the material world we accept these things as part of everyday life, so what’s different about this and the ways web sites work?

How’s it going to be implemented?

At the time of writing the ICO site seems to be the only site that’s adhering to this law (that’s just funny). That will no doubt change as time goes on but, until developers work out the best approach to solving the numerous technical problems this law throws up, everyone seems to be sitting on the fence waiting to see what happens. Luckily the UK government has deferred the law for another year.

If you can stomach it you can read the full monty at http://www.ico.gov.uk/news/current_topics/new_pecr_rules.aspx

Will this be one cookie that crumbles?