Web site owners far and wide, or at least in the UK, breathed a sigh of relief yesterday as they were given 12 more months before the “Cookie Law“(pdf) comes into affect and the fines of up to £500,000 for non-compliance.
Some of you are probably thinking: What law? What’s a cookie?
Well that’s fair enough, isn’t it?
Maybe, until you realise how much of your web site, even a WordPress Blog like this one, relies on cookies to actually work. Another thing, you know your boss or clients are always going on about ROI. Well, how are you going to track ROI now that Google Analytics won’t work with cookies disabled?
What is a cookie?
Let’s take a break from the arguement and cover some technical bits. A cookie is a small text file that gets stored on your computer when using a web site and might contain some information like this:
Set-Cookie:PREF=a5353f33dadae6b4:TM=1172488580:LM=1172488580:S=-tN_hXmrGjyfGFq4;expires=Sun, 17-Jan-2038 19:14:07 GMT
Most sites use them and they are non-identifying in the fact that they can only contain information you give to the site, either as an act of using the site or filling in forms on the site.
For a fuller explanation see Wikipedia on Cookies.
What does this all mean?
If you were to abide by the directive, and indeed the law, you would need to provide a way for users of your web site to state on an opt-in basis that they accept you using cookies during their visit to your web site. The Information Commissioner’s Office who are responsible for implementing this law in the UK are leading by example:
My issues with this are the following:
- Many users, and even web site owners, don’t know what cookies are and trying to explain that easily at point of use is going to be difficult.
- If users opt out then many sites won’t work or behave in the way they expect, users won’t necessarily relate this to the cookie issue and blame the companies web site.
- This law does not affect web sites from outside the EU, therefore foreign web sites have a competitive advantage.
- This is an over reaction to protect peoples privacy. Nearly every main stream browser has the ability to block cookies. The public needs educating on this fact rather than crippling business.
- The Directive offers no alternatives for business and very few examples of how best to implement this. Their lack of knowledge is highlighted by the suggestions to use “scrolling text” or “pop ups” to alert visitors, – Yes very 1990’s!
- Compliance could be costly. Most site owners are not going to be able to implement changes themselves and to comply could incur excessive development costs.
It is yet another example of laws being set with complete disregard for the effects on business.
I am sure there will be many fighting this new law and analytics companies are unlikely to let their businesses be affected readily.
What do you think?
More importantly, what would be your suggestions on how to comply?