Your guide to a successful online business!

The European Union’s amended Privacy and Electronic Communications Directive comes into force in just over a week on 26th May 2011. With it comes a much under-reported change in the way web administrators can use the information they collect about their visitors.

It what has been labelled ‘the cookie law’ the directive has yet to be be given a formal route into English law but still technically affects all those in the UK under European law. The key aspect is that collecting information via cookies should no longer be done covertly. Simply because a visitor’s browser allows cookies should not be taken to mean they agree to their information being collected.

As a result, The Information Commissioner’s Office (ICO) has issued a briefing note setting out guidelines on how not to fall foul of the directive.  Advice on how to lawfully collect and use cookie information is set out in the document, aimed at bridging the gap until the Government bring in formal legislation.

While the position is not perfect it would appear the caution suggested by the ICO briefing note is a sensible step to follow until a new statue clarifies the exact position.

Do you think the Directive goes too far? Do the ICOs suggestions play too much into the hands of the regulators?

Was This Article Useful?

Let Others Know
1 Star2 Stars3 Stars4 Stars5 Stars6 Stars7 Stars8 Stars9 Stars10 Stars (No Ratings Yet)
Loading ... Loading ...

Share this post


Leave a Reply

21 Responses

  • Colin Wiseman

    I think it is time to leave the EU. This is just regulation and nanny state madness!

    May 26, 2011 at 1:27 pm
  • Colin Wiseman

    Actually, it looks like we need to do the following:

    “We are about to set a cookie on your machine to save this search so that we can display the results on the next page. Is this ok to do? ” [yes, no]

    (clicks yes)
    “Now that you have done that and to remember that you have have given us consent, we need to set another cookie on your machine otherwise the next time you visit the site we will ask you the same again. Is this ok to do? ” [yes,no]

    User experiences -100 points!

    May 26, 2011 at 1:31 pm
  • Graham

    I can’t ever recall reading any complaints about the use of cookies by users. Is this another case of finding work for the lawmakers to give them something to occupy them?

    May 26, 2011 at 3:40 pm
    • Tim

      I think it is more an awareness point Graham. Internet freedom is fantastic on a level playing field.

      May 26, 2011 at 4:01 pm
  • Chris

    Oh such genius… Fairwell Google Analytics? Lol. They track visitors to sites using 2-year-long cookies.

    May 26, 2011 at 3:52 pm
    • Tim

      Probably a reason behind the government stalling on acting. The problem now is it just leaves it ‘greyer’ for us all.

      May 26, 2011 at 4:04 pm
  • Andy

    If you head over to the ICO website and look at their implementation of the new cookie law, you’ll see that they set a cookie without permission as soon as you display their page.

    Is that a good example to set? The simplest way is to say “accept the cookie or go away” which isn’t particularly friendly. If you want to track, and who doesn’t, it may be best to get it over and done with straight away. The other options are to have portions of your site that are cookie free and have a gateway where users have to agree to having tracker cookies set.

    Either way, I need a bit of code to implement this crazy law.

    May 26, 2011 at 6:51 pm
  • Mark Dicker

    What will be next? Having to tell them that their information is being stored in variables, inside the script processing on the page!

    The EU is fast becoming BS. It was started to prosper trade between the countries of Europe not to pass insane and inane laws.

    May 26, 2011 at 7:23 pm
  • KC

    Its not just a case of having a cookie so that a site will remember you, it’s the tracking cookies that are an intrusion on privacy. If I shop on-line why should that web site have the right to track what other shops I buy from? If I read a newspaper on-line I have no problem with them storing a cookie to remember me, but why should they have the right to track what other newspaper sites I read? The major problem is the vast amount of third party cookies which attach themselves without a surfers knowledge. It’s not a nanny state it’s giving people the right to privacy and about time to….

    May 26, 2011 at 10:03 pm
  • Daniel Goddard

    Whilst I do not fully understanding the implications of the EU Cookie Directive, I’m broadly in favour of any legislation that improves transparency.

    As a web user (as well as a web publisher) I find any pop-ups highly irritating and obstructive, such as the pop-up which the Radio Times website now displays.

    I commend the BBC for their approach to the EU Cookie Directive, which is a clearly visible link at the foot of their website called “Privacy and Cookies” which leads to extensive information about how they use cookies.

    May 26, 2011 at 10:29 pm
  • cel

    I have used the internet before windows was on pc’s and agree with the EU in that we need to look at the information placed on a users pc and also what information is gathered and how it is used.

    This may seem mad to many but one previous cornerstone of the internet – when it went past being used by mainly education institutions and govt departments, was that the user should be king.

    If a company wants to place files on a users pc, however small, the user should be made aware of this clearly and also what the file is used for exactly.

    Users are not daft and should not be treated so by thinking that the user does not need to know about things like this.

    It maybe that web pages have to display a clear link at the top of their page (not hidden away in grey text at the bottom) that will take them to a page that explains what the cookies are, where they are located and also exactly what they are used for and not some bland description.

    The internet should not be a place where users are not aware of all interactions with their pc/ mobile etc.

    Cheers Cel

    May 26, 2011 at 11:00 pm
  • RobH

    If I have Google Analytics on my site it is my responsibility to ask user’s permission. The ICO have implemented this requirement on their own site. It’s intrusive and basically says accept or the site won’t work. If every site were to do what the ICO have it would make a laughing stock of the web – and the moron legislators who thought up this crackpot scheme.

    May 26, 2011 at 11:27 pm
  • James

    It’s a stupid law that will never get taken to court if you infringe it. Once again the eu laws set by pencil pushers dictate how British run thier businesses-the ico are clueless, they don’t understand what a cookie even is or does but they have stuck with the 90’s mentality that they are evil…what’s next on the chop block, JavaScript?

    I am all for privacy improvement but annoying visitors is detrimental to business for everyone.

    May 27, 2011 at 8:14 am
  • RobH

    I just checked the EC website, they do drop cookies (ec_exit_survey, EuropaSearchSessionID) but don’t ask permission.
    This is a case of the blind leading the eagle-eyed.

    May 27, 2011 at 2:10 pm
  • Colin Wiseman

    To KC. I see you also don’t understand cookies. My website cannot track you on other websites,nor can it read cookies from other websites. This is a security feature built into the core idea of cookies.

    What you are referring to is a single advertisement company,e.g.Google Adsense, that knows you have been to other websites, as it is able to read it’s own cookies that it has placed, again a thing my website cannot do. My website also cannot read google analytics cookies.

    What you don’t understand is that if a person doesn’t want my website to place cookies on their machine, they can already set this up via security features built into their browsers. All cookies can be cleared when a session ends, and (am not sure) but some browsers have private browsing so no cookies can be placed.

    So why do I have to spend time and money protecting the end user, when an end user can do it already? Spend the money on education rather than legislation.

    I also asked a bunch of my friends, do you know what a cookie on your pc is, and I got laughed at cause they didn’t care. The people that do care about cookies are generally paranoid androids that need to turn their computer off and hide in a dark corner, because if they think cookies are intrusive, they best stop using mobiles, digital tv boxes, credit cards, store cards and points cards, all of which is tracked and SOLD back to brand companies to sell more rubbish to you in stores, via door drops, and advertisement on tv. I wish I could sell my cookie information, but their is no personally identifiable information that I can gleam from a cookie.

    Rant over.

    May 29, 2011 at 7:18 am
  • Richard Rawson

    It is all very well having the EU implementing their internet laws but the web is a world-wide network. How will the EU stop America, or any other country that does not comply with this law, from having cookies? Until this concept is taken up by the entire world it remains a pointless exercise. In any case, are they going to have armies of internet police going through every web site to check for non-compliance with the law?

    May 30, 2011 at 12:01 pm
  • Colin Wiseman

    Yeah it is a stupid law that will hopefully go away. Think of all those folks out there that run a blog with a bunch of plugins that each put cookies down. Is it up to the blog owner or the plugin developer to warn for cookies? The blog owner might not be computer literate enough to do this.

    May 31, 2011 at 2:42 pm
  • Sue Mann

    I don’t think the law will go away Colin, but the ICO have said they will allow until May 2012 for websites to comply before they start taking enforcement action – I think that’s because the new rules based on the EU Directive were only published in early May and they recognised that people just hadn’t had time to prepare and as all the other comments have already shown there is no easy or satisfactory way to comply yet. It remains to be seen whether anyone will come up with such a solution, but I’ll be watching out for developments.

    June 1, 2011 at 12:53 pm