EU Cookie Law – Does *anyone* know how it is going to work?
The new European Cookie Law comes into effect towards the end of this month, I’ve read it is the 25th May (26th May according to the BBC) and I still don’t know anyone who:
A) Is prepared for the change
B) Knows how they will technically deal with the problem.
ICO guidance is far from explicit, basically the ruling has been made but nobody has got a clue how this would technically be enforced.
One solution that Carps mentioned in his EU cookie directive post (don’t click it, it has a million popups) is that YouTube have created a non-cookie version of YouTube. Maybe it will be necessary to do this for all other websites? Does anyone know of a WordPress plugin? (Great idea for one)
So please, if anyone has some amazing idea on how the are going to deal with this problem (and we would like technical details, not this airy fairy stuff the ICO are supplying) then please post up your idea on our Google Moderator series – we’ll post the best solutions on the David Naylor blog for all to see.
All I can foresee happening at the moment is every other site I visit having a popup asking if they can store a cookie, and if I say no – well I guess I’ll get the popup again as soon as I refresh the page?
I can’t tell you how much this makes me angry, there are plenty of ways to opt out of things online and in my opinion this is an ill thought out solution by someone with very little knowledge of how the Internet works. Talking to many people (web developers etc.) it appears most people haven’t planned to do anything, I imagine if no websites conform to the new law then it may be a little difficult for the EU bureaucrats to enforce.
John Beynon 771 days ago
The ico.gov.uk website sets 5 cookies – I’m watching them to see what they do!
David Whitehouse 771 days ago
Haha John! Nice one, thats a great idea. Will be interesting to see what they do…
Rob 770 days ago
Great idea! I noticed the ico.go.uk site uses Google analytics too so will certainly be interesting to see how they deal with their own guidelines and ask for consent. Has anyone tried to contact them directly to ask them how they intend to do this? They probably won’t reply to a direct enquiry, but I’m willing to give it a shot if anyone would like?
James Fletcher 770 days ago
http://www.CentraStage.comRob I think it would be interesting to see if they didn’t response ‘cos it clarifies they don’t know either.
Rob 769 days ago
James – I’ve asked how they intend to gain consent from users for GA use and im waiting for a response – I’ll be sure to let you all know as soon as I hear anything!
No Handle 761 days ago
I noticed that also with their website considering this is coming into action in 6 days you would think they would have their website prepared.
In their .pdf that you linked to they mention an idea they have for solving the issue by using a pop up but then state this might ruin the users experience. So what would we actually do? Im a inhouse SEO at a b2b company and if this came into action for real im pretty sure most our users would click no thus leaving us with no real analytic data I spend a large part of my time analysing analytics so this would actually reduce my working hours and what info I can supply to my company.
Does anyone really think any site is going to do this? Whats the penalty for not doing it also?
Jason Duke 771 days ago
http://jason.shDavid, great post – I wonder if you’ve seen my overview on the directive at http://bit.ly/mESn4g as I believe it answers most of your questions.
David Whitehouse 771 days ago
Cheers Jason, and thanks, will have a read through.
Vince McConville 771 days ago
http://www.ayrmer.co.uk/blogHi David,
I think for most of us it will be a wait and see game. The ICO has said that they will phase the implementation of the enforcement. Most companies haven’t a clue what is going on and the ICO are unlikely to come down heavy handed on those that haven’t complied. The advice they have give is somewhat woolly and not really conducive to a good user experience if implemented.
Will be interested to see what the browser developers come up with!
David Whitehouse 771 days ago
The problem is though Vince, a shed load of people don’t upgrade their browsers – these are the same people who don’t know how to manage their cookies. I think we’re going to see some nasty popups arising…
James Fletcher 771 days ago
http://www.CentraStage.comDavid,
I think you have hit the nail on the head, also loving the post by Paul with all the pop-ups but I agree with you this is potentially going to kill the user experience on the web, pop-ups here and pop-ups there, as it’s all I’ve heard from other folks I’ve spoken to.
We have made no plans as yet to do anything about the new law, but as with everyone we’re still waiting on the suggested “best practices” from those in the know to guide us to the right spot!
Smeeta 762 days ago
Does anyone know which websites are affected by the cookie law which comes into effect on the 26th May.
It’s not very clear.
What is the rule of thumb?
A. Websites hosted in the UK/EU targeting UK/EU consumers
B. Websites hosted in the UK/EU targeting a consumers outside UK/EU
C. Websites hosted in a different country outside UK/EU specifically targeting UK/EU consumers
D. Websites hosted in a different country outside UK/EU not specifically targeting UK/EU consumers (however, obviously all public websites are accessible though)
E. Websites hosted in a different country outside UK/EU using Content Delivery Networks (CDN) in the UK/EU to serve content
Thanks
Matt 762 days ago
http://www.atmedia.coWho is going to enforce the billions of websites?
Cookie law makes most UK websites illegal: what you need to know | Silktide blog 757 days ago
[...] not found a single person with anything good to say about this new law, with most web developers confused about what they actually need to do to, and jokes about how to implement the recommendations. [...]
ripzay 756 days ago
We have quite an elegant solution for those that want’s to be first on the bandwagon – released yesterday..
http://www.wolf-software.com/Downloads/jpecrga/
This jQuery plugin is the Wolf Software solution to the new cookie law that becomes law on 26 May 2011. The idea is to have a inobtrusive method of gaining user consent BEFORE using Google Analytics which requies cookies.
An amendment to the Privacy and Electronic Communications Act (PECR) is a change to legislation that comes into force in the UK on the 26th May 2011.
The code requests consent from the user if the user gives consent then the plugin will ‘inject’ the GA code into the page, if they do not give consent (or do not click yes or no), no code is injected.
The user also has the option to store these preferences permanantly, which will set a cookie, dealing with this, this again is ‘optional’ and as such is still complient with the law.
This class is designed to resolve the EPD / PECR regulations ONLY for google analytics and that is what we use at Wolf Software.
Demo page at http://cookies.dev.wolf-software.com
David Ball 754 days ago
http://blog.silktide.comI’ve seen a few possible solutions now:
http://cookies.dev.wolf-software.com/
http://www.reddbridge.co.uk/cookie-consent
But each of these uses JavaScript which not everyone has enabled. Surely to be legal we need a solution that applies for everyone, or we still might be breaking this law.
The ICO’s own recommendation (albeit hideously ugly) doesn’t use javascript. Although I personally still think this isn’t a good solution.
ripzay 747 days ago
Google Analytics does not function without javascript anyway.
The wolf-software plugin uses javascript to inject the google analytics tracking solution in exactly the same way that google injects the tracking solution, it’s just waiting for the user to give it permission first.
Jon-Javascript users couldnt be tracked before, and they still can’t.. so it is 100% compliant.
WolfSoftware 750 days ago
http://www.wolf-software.com/Downloads/epd_cookie_class/We have already had our solution verified by the ICO as being compliant with the new law. Also you require javascript for GA to work in the first place, so there should be no issue with it being in javascript.
James Rigg 708 days ago
http://www.jamesrigg.comWhatever happened to URL-based session tracking? Sure it is a little harder to do (and most people don’t build their websites to dynamically re-write URLs or have even forgotten this is possible).
The guidance says that consent is not required if the cookie is “strictly necessary” and cites the example of a shopping basket function on a website. To me this just means that the ICO do not understand the technology since a cookie is not _strictly_ necessary in such a situation – URL based session tracking would work fine.
LG 677 days ago
http://www.electricalappliancesuk.comWhat’s the general consensus for what people are going to do? If the EU/Gov are likely to issue a warning first, for an offending site, then surely it makes sense to hold out until the deadline and see what happens? As was said earlier, the EU/Gov haven’t got the resources to go after millions of sites. Surely, it would be easier to just aim this at cross-site advertising tracking only – this is what annoys people – and leave on-site analytics and the like well alone?
Felix 608 days ago
http://www.google.co.uk/search?gcx=w&sourceid=chrome&ie=UTF-8&q=%22The+ICO+would+like+to+use+cookies%22