This Stupid Law ….
Does My Site Serve Cookies?
Most sites on the internet do. Anything from Google Ads and Google Analytics to pretty much any customer login site (WordPress CMS), as well as shopping carts, Facebook and other social network widgets, will set them. Even websites with forms (where customers fill in their data or information) are likely to have cookies. Chances are that if you have a website, it’s serving cookies.
What Are The Penalties?
Penalties are financial and potentially severe.
The ICO (the body responsible) has the power to serve penalties of up to £500,000 (about $800,000) to organisations that seriously breach the law. Details are still being defined and are likely to be tested in court.
What Happens If I Don’t Comply In Time?
The ICO announced at the last minute that companies have until May 2012 to comply.
The ICO says:
“The government’s view is that there should be a phased approach to the implementation of these changes. In light of this if the ICO were to receive a complaint about a website, we would expect an organisation’s response to set out how they have considered the points above and that they have a realistic plan to achieve compliance. We would handle this sort of response very differently to one from an organisation which decides to avoid making any change to current practice.”
This means we at least have some time to change our websites, as long as we tell them that we’re planning to make the change. According to the ICO, although our time runs out around May 2012, they expect to see us working towards that deadline in advance.
What Are The Official Recommendations?
They are vague, but there are some suggestions you can act on now.
Now that we’re all suitably panicked about this new law and know we might go to court if we ignore it, we expect some detailed and clear instructions for what we should do next. Unfortunately this is where the guidelines fall short. The recommendations are vague and it’s not exactly clear how we could ask users without ruining their user experience.
The official recommendations are:
- Check what type of cookies and similar technologies you use and how you use them.
- Decide what solution to obtain consent will be best in your circumstances.
Whilst the first two are straightforward, the third is not.
The ICO make broad suggestions involving pop ups, and getting users to accept your terms and conditions. Website developers and owners won’t be happy about these, as they are a major distraction from the website’s content. The ICO haven’t specified any firm examples, however, and seem reluctant to do so:
“However, we do not intend to issue prescriptive lists on how to comply. You are best placed to work out how to get information to your users, what they will understand and how they would like to show that they consent to what you intend to do.”
What About Similar Technologies To Cookies?
All “similar technologies” to cookies are covered by this law.
This includes Locally Stored Objects (so called ‘Flash Cookies’), HTML5 Local Storage and anything else which stores information about a user. For brevity, these are all usually referred to as ‘cookies’.
What the ICO has made clear is that websites can’t comply with this law by switching to another technology that does the same thing as cookies.
Does It Only Affect Websites Hosted In The UK?
It’s not clear at the moment if websites outside the UK will be forced to adhere to this same law when users from within the UK use their websites. This could lead to a different user experience for people inside and outside the UK.
“It’s not beyond the realms of possibility that the Wall Street Journal or New York Times will decide it’s simply not worth serving pages to the UK when it’s impossible to monetise them and the user experience is so poor.”
Milo Yiannopoulos, technology columnist for the Telegraph.
The implications of this could be catastrophic. Users within the UK could be blocked from viewing international websites, or it’s possible that our favourite UK companies will move elsewhere.
“We should also expect British advertising technology firms — one of the hottest sectors in British tech — to decamp to the US, where the law is less restrictive.”
Milo Yiannopoulos, technology columnist for the Telegraph.
What Does The EU Have Against Cookies Anyway?
The concern is that current mechanisms are considered inadequate to protect users’ privacy.
Like any technology, cookies can be used for good as well as bad. For example, almost any time you log in to a website, you’re using cookies. This ‘essential use’ would be protected by the new law, however.
A more intrusive example might be that your favourite shopping website could set a cookie to track which websites you’re visiting to find out your hobbies and interests. They can then use this to customise what products they recommend to you in future. You can look at this in two ways: as an advantage because you receive better and more customised service, or as a disadvantage because it invades your privacy. With this law, at least users will have a clearer idea about what information is being collected about them.
What Should We Do?
Almost nobody likes it, but this law will be hard to ignore. It’s possible that a long term solution will be found in browser technology, but until then it’s us as web developers who need to start taking action.
There are only three real options for website owners:
- Ignore the law
- Stop using cookies
- Start asking for permission
Everyone is still figuring out how best to make the law work. We’ll be following up this article with our own detailed recommendations as we work on our own websites. Stay tuned.
Sick Of Being Told What To Do?
It seems that almost every week the internet is being told what to do by people who are clearly clueless as to how it works, pushing under the radar everyone who has legitimate uses for the internet and its content!
There is an online petition which we actively encourage everyone to sign….
Who Is Responsible For Abiding By The Law? Host / Designer / Owner
In a nutshell, the person responsible for displaying the cookie alert/warning/sign is whoever you, your company, host or designer consider ‘The Webmaster’. Ultimately, when/if the EU start to fine sites, it will be the site owner who becomes responsible (and possibly a take down notice will be issued to the web host).
So What Can I Do?
If your website has been designed by Nerds 4 U Services, you should expect a PayPal request for £10 that links you to this information. For a very small fee we will implement a cookie warning like the one on the side of our website, which you may or may not have clicked. It is a nice non-intrusive warning that, once clicked, will not pop back up for that visitor again.
If you are not a Nerds 4 U Customer and would like to have your site brought up to EU directive standards please Contact Us and we will be in touch within a few hours. We are currently charging between £10 and £25 for this service depending on the code or CMS system used.