The new EU cookie law is due to come into effect in the UK on 26th May 2012. The law has been in effect for over a year in the rest of the EU, but the UK was given a one-year extension to conform.
Who is responsible for it?
The Information Commissioner’s Office (ICO) is responsible for enforcing the UK law and has the power to issue website owners fines of up to £500,000 for serious breaches.
Who needs to conform?
The new EU Cookie Law applies to all countries within the EU, which is quite obvious, but what isn’t really that clear is that even countries outside of the EU may also need to conform.
For example, if you are a website in the USA (or any other country) but you are targeting / selling to people in the UK, you would also need to comply. This, I believe, will be one of the biggest hurdles for the ICO when it comes to enforcing the new rules.
To help get you ready for the law, we’ve put together a video guide. Alternatively you can browse the key points below:
What this means:
This means that before 26th May 2012 you will need to have something in place that gives your website visitors a clear chance to opt in (consent) rather than opt out (remove consent). You also need to tell them what cookies you are collecting and what you are using them for, along with their degree of intrusiveness.
How websites gain consent is open to interpretation but it could mean anything from clicking a button, subscribing to the website’s service or dismissing a banner, toolbar or popup. There is also ambiguity over whether the consent needs to be gained prior to any cookies being set.
Not all cookies are baked the same:
Some cookies do not require consent to be gained; these are cookies that are strictly necessary for the site to function and are classed as ‘essential’:
What you need to do:
Why I believe the ICO have got it all wrong:
I believe that they have got this all wrong. I understand the arguments for privacy and making things clear for website users with regards to what information is being stored, and what it is used for. But I disagree with how it is being implemented, as I believe that the majority of website owners won’t even have a clue about the new law and their requirement to conform to it.
It is also unlikely to solve the problem – they are trying to improve security (as well as privacy) for web users, but I think it is unlikely anyone with harmful cookies is going to implement a consent option.
An easier solution:
Wouldn’t things be so much easier if the very few browsers in use today just had a simple feature that managed cookie compliance? That way users could do as they do today and say “hey just want to surf and I’m not interested and don’t want to be bothered with all this” or “actually I don’t want to share this information, sign me out to everything” or even “Mr browser, please let me pick my preference site by site or cookie by cookie”.
This way it would be clear on every site, not just on the ones who either a) care or b) know about the new law, as I believe you will see well under 10% of websites conform to this or make any effort to conform. It is also very likely this will only be big companies scared of the ramifications and big fines. Because really, are the ICO going to go after a two-page mom-and-pop site with no revenue because they don’t conform? I don’t think so.
We will be using Cookie Control for the Koozai website and are ready to go live with it on the 25th, so what will you be doing to conform? Or will you not? I would love to know so either comment below or tweet me.