Entrepreneur - - By Craig Buckler

Perhaps Your Site Isn’t Illegal in Europe?

Here we go again. In May I reported Why Your Site is Now Illegal in Europe. The EU E-Privacy Directive became law on May 26 2012; if you are using cookies or other tracking technologies for non-essential functionality, you must:

  1. Tell users that tracking technologies are used.
  2. Explain the reasons for using those technologies.
  3. Obtain the user’s consent prior to tracking them and allow them to withdraw permission at any time.

The only exceptions are sites where tracking is strictly necessary for the provision of a service such as a shopping basket or web application. Systems such as analytics and advertising need to comply and the law. It applies to all EU companies and those trading in Europe.

Did Anyone Care?

While the legislation applies to all 27 member states, very few countries appeared to do anything. In the UK, the Information Commissioner’s Office (ICO) issued a guidance document and revealed that non-compliance could result in a £500,000 fine. They then revised the document at the eleventh hour to confuse developers further.

In the past few months, cookie warnings have been (literally) popping up on major UK websites including the BBC, Channel4.com, BT.com, Nationwide Bank, John Lewis, The Guardian and the ICO’s own site. My personal favorite is The Daily Mash which provides the warning:

We’ve updated our privacy policy, not that you care. You can read it or click to get rid of this annoying box and carry on as before. [Whatever]

Clearly Unclear

The problems are clearer than the legislation:

  1. It’s difficult for business owners and developers to identify compliance problems and provide a solution. Generic advice cannot be applied to an infinite variety of situations.
  2. Few users understand the implications or particularly care. All warnings are worded differently and appear in different ways.
  3. If users can opt-out, features such as Analytics become redundant.
  4. Few government organizations adhere with the legislation.
  5. Companies based outside Europe can ignore the regulations without risk.
  6. The law is not being enforced.

This last point has been tested by UK software company Silktide. They’ve been vocal opponents of the cookie law although they offered their own free cookie consent tool.

The company recently introduced nocookielaw.com. It was a great publicity stunt which invited the ICO to take action against the company:

We’re sick of you and this ridiculous cookie law. So here’s an ultimatum.

We’ve taken all our cookies solutions off all our websites. The evil cookies are back, and the pointless slidey warning messages are no more.

We tried. We even wrote an open source solution to the cookie law used by 5,000 sites. But the truth is it’s a tragic waste of time.

Presumably we now fly in the face of the law you are sworn to uphold. Please, please do your worst. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters. Just do something.

The page helpfully links to the ICO cookie complaint system.

Bizarrely, the ICO responded with a tweet:

@nocookielaw You know what cookies you’re using & you told people you’re using them. They’re the 1st steps on road to compliance. Well done

The message is spectacularly non-committal, but it’s evident that a privacy policy may be enough on some websites. In November, the ICO will release a review every website complaint which will include nocookielaw.com. Perhaps there are additional ‘steps’ but, until you receive an explanation of what those steps are, there’s little point trying to guess.

I see no reason to implement confusing pop-ups or other technical solutions for a law which is ambiguous, unenforceable and mostly ignored. Until the situation is clarified, I still recommend:

  1. You have a “privacy policy” link — probably in the footer of every page.
  2. Explain your use of cookies and, where necessary, link to the privacy policies of third-party systems such as Google Analytics (google.com/analytics/learn/privacy.html).
  3. If necessary, link to cookie resource sites such as aboutcookies.org which explain how to block, control and delete cookies.

Then forget about it. Unless you’re contacted by a regulatory body with a genuine complaint, there are far better things you can do with your time.

Sponsors
Login or Create Account to Comment
Login Create Account