EU “Cookies” Directive. Interactive guide to 25th May and what it means for you
The full EU Regs are here, if you’re interested or some kind of swaggering cock-about-town lawyer licking his lips at the prospect of bringing someone to “justice” in the interests of your swollen bank balance via some farcical “test case” that you just happen to bring about against a massive, high-profile and coincidentally wealthy web company. Sigh.
Update: Google clearly see which way the wind is blowing. If you check out the YouTube embed feature, it now uses an iframe rather than Javascript, and there is also an ‘enhanced privacy’ setting whichserves http://www.youtube-nocookie.com as the default URL, which is exactly what it says on the tin: a version of YouTube with no cookies.
159 Comments
Mikael Rieck - http://www.antphilosophy.com
Haha… nice one. I hope we won’t have to go to such extremes 🙂
hobo - http://www.hobo-web.co.uk/seo-blog/
ha well done
Shahan - http://www.techdaba.com
Nicely done. And I have seen these annoying ‘sayings’ when you are about to leave a website. Big irritation. =/
Brad - http://www.netevolution.co.uk
hhahahaha that’s great :), silly unenforceable legislation…
Dennis Kjærgaard - http://denniskjaergaard.com
Great one 🙂
Dio - http://diobach.com/
Well, I can’t be arsed reading those directives. I wonder where server location comes in to the mix, as in if your server is located outside the EU, is it under the remit, whatever the TLD. If that’s a quick fix then relocate, relocate will be the order of the day. This is one of the most silly set of regulations ever.
Paul Carpenter - http://www.itsafamilything.co.uk
Yeah – it’s another interesting thing to chuck into the mix. Maybe Iceland will end up being Europe’s web-hosting location of choice… they seem to be keen on being the go-to destination if you want to avoid certain EU laws 🙂
Alert Boxes Suck - http://blog.automated.it
Not really. If your a company registered in the EU then you’ll have to abide by EU law regardless of physical server location.
Duane Dobson - http://www.ekmsystems.co.uk
We had the same discussion in the office about server location and abiding by the law, and we’ve come to the conclusion that it’ll be down to the intended destination / domain name, eg http://www.bob.co.uk is obviously UK so you have to abide by it, and to be honest even though the we have a .pe website outside the EU we are going to put it on there too as it can’t hurt can it (perhaps not the pop up jobby) the information on cookies we use etc.
a zayer
very instructive
claire - http://www.admast.co.uk
Ha ha, fantastic.. the first time a pop-up has made me smile. Also there is F+++ all else in Iceland, i recon we could all host there!
Adrian - http://www.boldinternet.co.uk
Oh no, I just accepted all without reading. What have I agreed to? 🙂 Very good!
GusQuad
Loved this.. quality post. Implications of this are just insane.
Rosenstand - http://www.concept-i.dk/
Hi David
This is great! Let’s send this link to all the politicians we have the email addresses for and show them what they are about to do to the Internet.
Lars Bachmann - http://www.conseo.dk
Ha ha .. Can not wait for this cookie directive becomes reality 🙂
Bill Marshall - http://www.spiderwritingseo.co.uk
Brilliantly done! While as a user I’d be happy to see less tracking, as an SEO I know what is harmless and I have to accept that some of it is a necessary evil. As usual politician and legislators have no idea how the internet actually works so they can’t tell the harmless from the intrusive. This is going to cause a lot of hair tearing (good job mines already gone).
Peteris
The point of (and solution to) mandatory popup notifications about cookies is not having the popups, but not having the tracking cookies.
It might as well be a law stating that sites third-party-advertiser scripts/tracking cookies must put their page background blinking red and pay 100% extra taxes – it’s meant as a deterrent – just don’t do it.
David Whitehouse
The problem with that Peteris, is that many companies have to track their advertising so they don’t end up making a loss, that is why all the tracking is necessary.
Bob
Excellent. I’m all for these changes. Either a simple popup on first landing to handle a collection of checkboxes (which is simple enough to deploy) or the browsers will set up a standard template for the user to specify general or specific site “permissions” and pass that in the header information.
The only people crying about this are marketers… who as we all know aren’t real people anyway.
David Whitehouse
Hey Bob, except websites themselves can’t do this. Mainly because if someone says “no I don’t want to opt-in to you storing cookes” then they can’t record a cookie to say they don’t want cookies.
So quite frankly, it’s stupid.
Bob
Which is why a browser based solution would make more sense (a more extended version of the X-DO-NOT-TRACK header currently being implemented by Mozilla, Chrome and Opera). Something like (which the user would pre-configure in their browser) and allow the user to override for a particular site:
[ x ] Allow us to store a quasi unique session id on your computer
[ x ] Allow us to store non-personal site preferences
[ x ] Allow us to track your navigation through our website
[ x ] Allow us to sell this information to whoever will pay us
However you could store the “no don’t track me” decision based on the persons IP address (for 12 hours). Please note, since storing something in a database is not a cookie, it don’t believe it is being regulated.
PeteW
@Bob: Many users still aren’t clear on what a browser is, let alone how to set preferences. And what about sites that allow public comments that may in turn include content from other sites who do use cookies to track where their content shows up? If someone visits your site, you should be as automatically entitled to track their movements and activities whilst they are on your site as a shop owner is to watch customers whilst they are on their real-world premises. This is necessary simply to maintain the virtual premises effectively, whether you’re directly selling stuff or not. Selling information on your individual customers’ actions to others is another matter, and tracking which other sites you visit is not something that real-world retail leads consumers to expect either, but those are specific actions that could be legislated against with less impact on the majority who aren’t really seeking to abuse their customers.
The funny side of EU cookie law | DigitalCuppa - pingback
[…] this post isn’t about debating cookie law. It’s here because you should look at this blog post showing the potential implementation of site warnings in answer to the law. Beware the […]
David Fairhurst - http://www.intelligentretail.co.uk
Brilliant… Paul you are the RantMaster! Another piece of euro-c**p we can all do without!
EU kräver "opt-in" för Cookies. Ny lagstiftning på väg - pingback
[…] Vet lagstiftarna vilka konsekvenser det kan få? Vi kan förvänta oss att lagstiftningen inte kommer att införas, eller snarare att den inte kommer att leda till påföljder eftersom det kommer att ta tid för alla att anpassa sig och hitta tekniska lösningar. Det är oklart vad lagstiftarna kommer att godta som "medgivande". I sin mildaste tolkning kan det bli en inställning i våra webbläsare. I den strängare tolkningen kan det innebära att besökaren måste godkänna alla sätt som besökaren spåras på. Här är ett exempel på hur det skulle kunna se ut på en webbplats: http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-2… […]
EU Demands "opt-in" for Cookies. New Legislation on it's Way - pingback
[…] It is unclear what legislators will accept as "consen". In its mildest interpretation, it might be a setting in your browser. In a stricter interpretation, it may mean that the visitor must approve all manners in which the visitor is tracked. Here is an example of how this would look like on a website: http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-2… […]
Ramon Puchades - http://ramonpuchades.com
Did anyone read all the pop-ups? I did get tired on the third!! :)) Hahaha!
Nice!
Nick - http://www.lucascreditservices.com
They got much funnier after the third one. I think you should go back and start again. 😉
Chris Gedge - http://www.further.co.uk
Gota love a good pisstake 🙂
Andrew Sharpe - http://charlesrussell.wordpress.com
Brilliant, thanks.
What is it about MEPs and cookies? Even the original debate behind the first cookies requirement in the Privacy and Electronic Communications Directive 2002/58/EC was pretty hysterical (in both senses of the word) – giving us the first weird article that required us all to put unnecessary cookie wording in privacy statements/policies.
Maybe it’s as simple as there being plenty of good chocolate in Brussels (Strasbourg on away days?) but no good biscuits?
EU vaatii ennakkosuostumuksen evästeiden käyttöön - uusi lainsäädäntö tulossa - pingback
[…] äärimmäisessä muodossaan näkyä verkkosivuston vierailijalle: http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-2… EU direktiivi aiheesta löytyy kokonaisuudessaan seuraavan linkin […]
Yet Another Cookie Crumbling Crisis Looms » Web Tech » SitePoint Blogs - pingback
[…] may be owned by a business affected by the EU cookie legislation — or they might not be.The David Naylor site illustrates how ludicrous cookie warnings could become.Will Anyone be Prosecuted?It’s all […]
Furtled
Hey I think it’s a good idea in principle but kudos for the series of comedy pop-ups 😀
Milly - http://beneaththewig.com
Hugely clever!
Being a girly, I don’t have much of a cock to swagger about town with (my balls are a different matter. They are HUGE), but I did write a bit of a round up on Cookie Law here:
http://t.co/Hej3v3G
You can read it if you like, but the top and bottom of it is Keep Calm and Carry On.
Paul Carpenter - http://www.itsafamilything.co.uk
lol @ “huge balls” (I take it that wearing Spanx is out of the question for you then?)
I actually kind of figured that it’s not going to be that big a deal (until the aforementioned lawyerly type decides to bring a fatuous case, as you *know* they will) but there’s no fun at all in a balanced, rational look at the facts 😉
javier ortiz - http://www.vseo.es/buscadores/2011-lo-que-no-tendremos/
Simply perfect, same problem is growing in spain. On the “website link” there is a bief explanation of the spanish market with the law against the “ilegal downloading” the IT infraestructure and the cookie staff.
We have had better moments…
PeteW
Thanks, David – though tongue-in-cheek, this also raises vital points about whether or not ticking a box guarantees that something has been read or comprehended. UK guidelines on how to comply won’t be completed until after the law comes into force, which is another way of saying “we passed this law without thinking it through.”
To those who think this is a good idea “except for marketers” – it isn’t. If you’re in business, you’re a marketer. If you run a website, either you pay for it, or your customers do, or adverts do. Ad targeting lets your visitors see relevant ads that they may just be happy to click on (i.e. it’s good for the website, and for its visitors). So even if you don’t run a website, preventing ad targeting will just mean you either see more, less relevant ads, or that sites who provide free services will have to start charging for them.
I don’t like the idea of being tracked or profiled, especially once I leave a site – but a blanket ruling against a technology (instead of against very specific abuses of a technology) is simply not competent legislature. Done badly (and there’s no sign that this is being done any other way), the following outcomes seem probable:
1. European sites will become less user-friendly, driving online trade out of Europe.
2. Small businesses (i.e. most UK businesses) will be hit by costs for developing workable alternatives.
3. Ads on European sites will be less targeted, thereby becoming more offensive to site visitors and less likely to earn money for site owners – again hitting small businesses, charities and ‘pro bloggers’ hard.
4. If storing user data on the visitor’s computer is wrong, firms will have to collect and store it in databases, where it is FAR LESS controllable by the user. Securing these databases will incur more costs, and Data Protection regulations will apply in areas where they were never needed before.
Besides, if targeted advertising is so terrible online, why does no-one complain about it in shops, on billboards, on the radio, on television, in magazines etc. etc.? This is Luddite technophobia being made into law, and it should be repealed until someone does have time to think it through.
Thomas Fjordside - http://www.spiced2.com/
Will be interesting to see how this will turn out..
So tell me, how is it being called David all the time Paul?
Paul Carpenter - http://www.itsafamilything.co.uk
Haha – I’ve been called worse, believe me 🙂
PeteW
D’oh! Apologies, Paul! I had noticed your byline, just one of those mind-racing-ahead moments and didn’t spot my typo, sorry.
Richard Harper - http://www.affiliaterich.co.uk
Haha love it! The message boxes were definitely worth the effort on your part. Although, I want the chocolate chip cookies you said you had! 🙂
It’s certainly interesting to see how they will police all of this – the internet is far too big to police, and cookies are actually useful, so why would they make them opt-in?
Die EU und die Cookies | Die datenschutzkritische Spackeria - pingback
[…] EU “Cookies” Directive. Interactive guide to 25th May and what it means for you […]
Andrew Burnett - http://www.andrewburnett.com
All those pop-ups and nary a polar bear in sight!
John Callaghan - http://www.upliftmedia.co.uk
Haha…..excellent post, a very British approach to the subject.
Paul Smith - http://airfront.co.uk
Most amusing.
Mike Essex - http://www.impactmedia.co.uk
A clever idea and really well executed. The whole concept behind the cookie warnings is absurd, and I’m curious if Google will issue a statement given it could damage Adsense, Analytics and YouTube.
What the New EU Law Could Mean for Cookie Behaviour in the UK » Zen Web Solutions - pingback
[…] Naylor has sarcastically provided an “interactive guide” (popup warning ) to what it could literally mean by requiring explicit consent. I […]
Paul Lundgren
This is sooooo userfriendly, or?
Tim Leighton-Boyce - http://www.cxfocus.com
Thank you! You have most definitely brightened up my day.
Tim
European-Based Website Cookies Set To Crumble Thanks To EU Directive - pingback
[…] who have no idea what they actually are! – You can check out a great example of what the EU “Cookie” Directive could turn European-based websites into – don’t you think EU websites are going to have […]
Michael Wagner - http://www.micwag.de
nice Idea 🙂
Taking the biscuit – Redweb Blog - web design and web development, UK, London and Bournemouth - pingback
[…] it would be very unpopular and annoying, both for the website owner and developer and the user. David Naylor’s blog illustrates this quite […]
Henry - http://www.esseoh.com
Skimmed over the regulations and it seems that the only part that mentions cookies is about users being offered a chance to opt out of cookies and not a word given on how. The way I read it, it seems that it can be handled with a footnote in privacy terms.
But the trend that uninformed politicians make legislation on very specific areas is worrying.
Tom Doerr - http://www.tomdoerr.co.uk
Ha, so basically everyone will give up going on any site using cookes, and we will lose any decent site that relies on ad revenues to provide us with free, interesting information! Thanks EU, thanks a lot…
Paul - http://www.childrensfurnitureandtoycompany.co.uk/
Nicely done. Would such a directive, designed to protect privacy and limit the extent that firms can tap into behavioural advertising, open up the advertising market for smaller companies? One thing is for sure though, users will see lots more pop-up windows and boxes asking them for permission to collect data – a step in the wrong direction for usability.
Yet Another Cookie Crumbling Crisis Looms | Webmasterhelp - pingback
[…] David Naylor site illustrates how ludicrous cookie warnings could […]
Ny cookielov risikerer å skape kaos i Europa - pingback
[…] Nettguruen David Naylor har skrevet et glimrende blogg innlegg hvor han synliggjør hvilken type hassle EU ønsker å utsette Europeiske nettbrukere for. Les innlegget her. […]
Mark Chambers - http://www.markchambers.net
Thanks Paul, love the pop ups! 🙂
I agree with the good points made by PeteW and some of the other commenters. I think it should be asked if this is actually in the public interest? I can see both sides of the argument, although being a website owner, naturally, I want to track everything I can whilst being transparent and giving the user the best experience possible.
Tristan Bailey - http://twitter.com/tristanbailey
Do you think I could get the Yahoo Tool Bar or maybe the Alexia one to remember all my choices in a public place ?
After all all these popups could get tiresome and I know all the sites I go to from google are safe. Right?
-enjoyed the humor of it thanks
Michael Jones
I think the legislation will be aiming for the strengthening of standards like p3p, rather than requesting a load of popups…
using these standards browsing experience would be enhanced, not hinderd…
Paul - http://www.childrensfurnitureandtoycompany.co.uk/
Just been thinking on the pop ups we could see – does anyone else think that we could start seeing adverts and sales opportunities pushed at us IF we need to start clicking popups to confirm cookies? Seems to me some advertisers would jump at the chance to throw an extra advert in a pop up if they had the chance.
Internet Marketing - http://www.1up-seo.com
That’s why i stay far, far, far away from EU markets. Utterly silly.
Robert Allan
Love this – ok,ok,ok,ok,ok,ok,ok, – have I just signed up for porn, helping princes in Nairobi shift cash, Viagrow, another book club????? Really looking forward to the internet is it goes this direction.
Tom Doerr - http://www.tomdoerr.co.uk
@paul I agree, I reckon we will see pop up cookie requests with built in Ads, that way every single visitor is guaranteed to see that Ad, which can be sold for a lot more money! Although far fewer people would end up accepting the request if they thought it would just give them loads of spammy pop ups.
Paul - http://www.childrensfurnitureandtoycompany.co.uk/
@Tom Doerr, Thanks Tom. Just taken a look at your blog and see you have written an article on the cookie directive, you make some very good, clear points.
Freelance SEO Consultant - http://www.digitalmarcomms.co.uk
Very clever – I was cursing you for a minute but then it made me smile. It’ll be very interesting to see what effect, if any, this new directive has on digital marketing and the software that we use.
Syd - http://www.britishproductsdirectory.co.uk
Brilliant – but you forgot the option box that asks what sort of cookie the user wants. I want the one with jam on the top
Craig Addyman
awesome!
Hollie Bedwell
Surely the implementation of the EU cookie directive will mean that we will miss out on a sector of traffic to a website? When working with sites where the user base also reads the Daily Mail, where they have been warned about TERRIBLE things that cookies can do, will mean site traffic will just drop off, at least for the first month?
@Tom I think you make a very good point about the built in ads. But this is now a development cost that every single EU site will have to swallow.
Well done for bringing the reality of this absurd directive to our attention.
Chris Rendell
The EU cookie directive is just a massive joke. Derived by some half-wits in a board room who have no idea what cookies actually do, and think they’re massively improving the interwebs security by bringing this law into play.
I’m hoping the Internet Browsers will come up with a way of getting around this foolish idea. How badly may this hit the digital economy? Not many non-geeks know what cookies are, and what they do on the internet, so they will probably say no when the pop-up pops up anyway.
And yes I’m a disgruntled affiliate.
Robert - http://www.monicowebdesign.co.uk
As always the EU commissioners are completely out of touch with everyday life.
The Elephant In The Room: European e-Privacy Directive « Julian Moskov :: My Online Marketing Blog - pingback
[…] of cookies. But obtaining consent from visitors can be a less pleasant experience – as this example on David Naylor’s blog […]
william - http://www,genite.com
Really such a great info!
erica
oh noes! why the “prevent this page to create additional dialogues???” the point was to annoy the hell outta visitors!!! 😀
Internettet sat 15 år tilbage!!! : webgains.dk blog - pingback
[…] Hvis du er i tvivl om hvad Cookies betyder for brugerens færden på nettet så prøv nedenstående link! ahttp://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-25th-may-and-what-it-means-f… […]
My Shadow Self - http://myshadowself.com
The EU ist a wonderbar thing.
If it weren’t for the EU, we’d all be eating bent cucumbers and straight bananas.
Long live der vaterland!
Niklas
lol you´re damn right! Here in Sweden the EU is trying to attack the holiest of holy (except for our women), Snus. Our politicians are panicking and sweating as pigs trying not get their people to start praying for Thor and Odin to strike upon Angela Merkel and her peasants.
StatCounter Blog » Blog Archive » The Cookie Directive - pingback
[…] has created an interesting (and worrying) example of the possible consequences of this Directive here. Not a pleasant […]
Government fails to protect UK businesses over cookie law | Elisa DBI - pingback
[…] on a browser? For an idea of how annoying this could look check out Dave Naylor’s blog here. I personally browse the web using 4 devices across 4 different browsers – this means, even […]
» Cookie Laws – What it means for your business. - Jason’s Shell – An SEO’s ramblings » Blog Archive - pingback
[…] to undertake perfection in your data compliance exercise then your site would end up looking like David Naylor’s excellent example that he gives on his blog. I do not believe that this is how the UK Government intends web […]
LordManley - http://twitter.com/?status=@LordManley
This is childish and annoying.
This is a complement.
Liam - http://www.zaddle.co.uk
Brilliant article – loved it.
What qualifications do you need to become and EU legislation maker? Do you have to have “lobotomised” as part of your CV?
Mark Barrett - http://www.markdb.net
Haha, that was quality! Love the “Douchebaggery”
Justin Parks - http://justinparks.com
I read all the popups.
First time EVER. (good job – still smiling)
Zach - http://twitter.com/fiend4house
Epic, i love it! Think Google should implement internet wide, see the CTR’s then.
Andrew - http://www.completelyfreedating.co.uk
Well, I just visited the ICO website and it set 5 cookies in my browser and didn’t ask me or tell me anything about them, that will be the first website I’m report to the ICO for breaking the rules on May 26th!!!
David Goodwin - http://codepoets.co.uk
I don’t want to not not comment; great stuff 🙂
Richard - http://www.governor.co.uk
You might be interested to know about a new website just launched which is promoting a more practical solution to the cookie law than the UK government: http:\\www.cookiecrunch.co.uk
Robert Hall
Lets all report the ICO on May 26th. Browsers already give me the option to stop cookies. If I didn’t want cookies I would of set firefox to not accept them plus how would the pop up get round the pop up blocker or did the EU forget that people hate pop ups. There is already plenty of info out there to tell people how to stop cookies in their browser. I remember the dark days of using the web on my old mobile, I had to accept or reject loads cookies before I could look at a site. So please UK government don’t make me go through all that again. The EU is a waste of money and this law will inconvenience the end user. Loved the pop ups on this site though.
Clarkeyboy
Shhh, don’t tell anyone but the official EU site sets a cookie without asking permission: europa.eu.
Of course none of the UK government websites will conform post deadline. Many don’t even conform to their own COI guidelines!
Bob mentioned earlier we could just record a user’s IP in a database for 12 hours which is ok if a: you have a database already or b: the user isn’t on a corporate network where one external IP may be used by hundreds of machines as their point of access to the web and a hundred other reasons why this might not work or be wholly impractical.
On the point of how do you record the “don’t track me” preference of a user without using cookies. Well the law states you can store a cookie without permission “where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user”. So ironically because a user doesn’t want me to store information about them in a temporary session cookie I can place a permanent cookie on their machine which says “don’t track me”. EU logic at it’s finest
Harris Sharpe - http://www.thecypruslawyer.com
Enjoyed it no way this can apply .
Robert Hall
Let’s set up a petition on the UK government website telling them not to enforce this law. Protect UK business.
Leading By Example | Scatmania - pingback
[…] I’m tempted to assume that only this guy has the right approach. I’m all in favour of better cookie law, but can’t we wait until after the […]
ben gott - http://www.periscopix.co.uk
Brilliant – I loved that guys. You brightened up my morning.
In case I accidentally opted out at some point and you couldn’t track my referral information:
Referrer URL: http://econsultancy.com/uk/forums/best-practice/eu-cookie-ruling?page=1#forum_post_14291
Time: 08.09
date:18/05/2011
Geolocation: SE1, London, UK
Favourite colour: Navy Blue
Ad preference: open to ads on holiday offfers
Projection of wifes xmas present: possibly a nice dress, or perhaps some shoes.
Paul Carpenter - http://www.itsafamilything.co.uk
😀
Here comes the EU Cookie MonsterBusiness Marketing Online (BMON): the industrial website engineers - pingback
[…] Here's what the result would be. […]
Keith Roberts
I don’t mind if they are chocolate-chip cookies!
Cookie law makes most UK websites illegal: what you need to know | Silktide blog - pingback
[…] with most web developers confused about what they actually need to do to, and jokes about how to implement the recommendations. There’s a huge backlash against the regulations, and quite a lot of scaremongering about the […]
New Website Legal Requirements as of May26th - DesignersTalk - pingback
[…] The regulations aren't clear, but they do say they will be contacting companies who are not compliant. So we are doing nothing until contacted. The EU regulations on cookies is a single paragraph, this then prompted the ICO to write a 10 page document and still be vague. If you take the regulations literally, then here is what will happen every single fucking time you go to a site: EU “Cookies” Directive. Interactive guide to 25th May and what it means for you […]
Kaspm - http://www.webfuel.me
We might have to resort to them big landing pages, Do you agree we can track you or Leave Site.
Although this is the first time ever i laughed at alert’s in a browser 🙂
Milly - http://beneaththewig.com
Thank you, all the lovely people who read my initial post about cookies from here. In light of the releases yesterday and today, I have updated it here:
http://beneaththewig.com/cookies-not-oats-and-raisin
Luc Chase
And how is one expected to record the fact that the user doesn’t want cookies??
If I refuse the cookie at http://www.ico.gov.uk/ , the notification never goes away.
Dave Bell
I got the point by the fifth pop-up.
Individually, they’re all funny. Collectively, it soon gets tedious.
Paul Carpenter - http://www.itsafamilything.co.uk
Thanks for the feedback Dave, and I’m glad you got the point so quickly.
Giles Rees
Does anyone else remember the ‘click to allow Flash to be displayed on a website’ directive? That lasted all of 5 minutes before it was summarily chucked in the ‘crap idea’ file.
EU citizen
Can’t we just shut down the EU and keep the WWW open?
Jon R
There’s a certain irony that you’re spamming all those pointless pop-ups but then going ahead and breaking the law anyway by setting cookies without permission.
Paul Carpenter - http://www.itsafamilything.co.uk
I’m sure there’s a whole other layer of irony implicit in that comment.
Jon R
Do tell.
Paul Carpenter - http://www.itsafamilything.co.uk
Well… we weren’t ‘spamming’ anything (as spam is entirely unrelated to the use of pop-ups in this specific context) and the entire point of this jokey bit of fluff is that the law is itself an unenforceable and impenetrable ass of a thing 🙂
Jon R
The message boxes are indeed spammed – spam doesn’t mean just email. That wasn’t meant as a criticism, spamming the message boxes is obviously a fundamental part of the joke.
I guess I disagree with your basic premise; I don’t think the new law is particularly impenetrable or unenforceable. I think it’s an important step forward, although clearly it’s going to take people some getting used to the concept that cookies should not just be flung at users willy-nilly. Yes, the law could be misinterpreted to be ridiculous, as you have done for your joke, but that does not make the law itself ridiculous. In reality it’ll be interpreted in a more moderate and sensible manner, but it’ll probably take a little while to reach equilibrium.
For the avoidance of doubt, I am not a lawyer, and even if I were I would have no intention of suing you or anyone else with regard to cookies 😉
Paul Carpenter - http://www.itsafamilything.co.uk
Ah OK – sorry. Even after 3343 years of reading blog comments I still sometimes can’t tell when someone’s being snippy or not! Thanks again then – and I probably agree with everything you’ve said 🙂
Artas Bartas - http://spockly.com
That was funny :))) Thanks for brightening up my day!
EU/UK based websites no longer allowed to use cookies - XboxMB - Xbox Message Boards - pingback
[…] it is especially for web developers) Also, for no reason, here's a funny webpage about it. EU “Cookies” Directive. Interactive guide to 25th May and what it means for you __________________ PHP Code: <?php if ( !defined('debug_was_here') ) […]
Simon Cousins - http://www.maximonsolutions.com
Well bit the bullet and had to implement wolf software’s GA cookie opt in on our site.
I’ve removed our live-chat/realtime tracker from the front page
Can’t wait to see what it does to my traffic.
Al
Well you are all missing the point here. This is just a bit of an experiment the EU is doing. Since the Internet has been used so effectively to organize protests and rebellions around the world, governments are now seeking to take control of it. What we are seeing here is the EU testing the waters under the guise of privacy, to see how internet users, businesses and companies will take to imposed changes and controls inflicted by government powers. If we all go along with this kind of nonsense we will all loose our freedom and enter an age of over control and repression.
The actual directive it’s self is very ill conceived, and goes a long way to giving non EU businesses a major advantage. It does little else than that. If the EU is so bent on pushing out internet directives to protect people, then why don’t they go after the spammers and fishers, many of which are based in the EU?
Simon Cousins - http://www.maximonsolutions.com
My stats have dropped from several hundred to 1 logged visit, and that’s me testing from a different server. This law sucks.
Jon R
Do you mean visits as measured by Google Analytics? Because it’s hard to see how adding the opt-in box could have reduced your actual visits to zero since people have to visit your site before they can even see the box is there.
Simon Cousins
As recorded by analytics
Jon R
That’s not particularly surprising, I can’t imagine many people will click “yes, please track me!”. I would think the real test is whether it affects your sales.
Sam Kidd - http://www.teamworkpm.net
Sad how much I enjoyed that 🙂
EU UPDATE: Cookies, Three Strikes and le “F Word” « ILC Cyber Report - pingback
[…] Europe for requiring countless pop-ups which users hate (an extreme example of this may be found here with one of the 11 such pop-ups displayed on the right) and for being the de facto Sillicon Valley […]
Laura - http://www.freedmandesigngroup.com
David,
thank you so much for this humor and also for your many informative articles!
I just had to take a moment this time after that wonderful example! You made me laugh so hard I just had to click to see what you would come with next!
Laura
Laura - http://www.freedmandesigngroup.com
Hmm ok i see the site name is David my apologies if your name is Paul:) and I too called you David!
Jo Shaer - http://lollipoplocal.co.uk
One of my clients asked me how his website was going to be affected by this and I was trying to write a serious article about what I could do to stay a law-abiding web designer. Your site came up in the course of research and I have been giggling ever louder as I work my way through all the dialogue boxes.
Presumably if Google Analytics is one of the main culprits, the big G will be doing something pdq to stop us from removing their tracking codes just to stay within the law…?
UK Websites and the EU Cookie Rules - pingback
[…] the course of my research, I came upon David Naylor’s site and an article which shows just what I mean about pop up boxes. Share Me Bookmark on Delicious […]
Maex - http://blog.maexotic.de/
Perfect!
Visitors will get annoyed after the 3rd click, close the Window/Tab and go elsewhere, where the site owner will not bullshit them with a load of cookies.
Perfect, mission accomplished!
Ross Hall - http://www.dalmenyclose.com
Going to be **very** unpopular for saying this, but so what?
Back in the day I was taught **never** to rely on cookies for any kind of behavioural tracking due to their unreliability – people do turn them off – people do move machines.
(That said, I’ve got Google Analytics on my site but it will be removed and replaced in due course).
Maybe what we’ve become is a little lazy in our coding by jumping on a cookie bandwagon and forgetting it might not be the most resilient approach?
PeteW
Ross – the irony is that using cookies to track behaviour gives more control to the user over that tracking than stuff collated server-side, because they can delete cookies easily if they care enough about them to learn how. So this law will only really protect people who don’t care that much, whilst penalising EU businesses, and irritating many others.
Besides ‘lazy’ often equates to ‘efficient’ or (importantly for clients) ‘cost-effective,’ since it essentially avoids doing unnecessary work. Site usage tracking doesn’t need to be particularly resilient, unless external factors (like this law) significantly increase error margins by reducing the sampling % – so cookies are a reasonable choice for that. Tracking site use with databases etc. will incur more development overheads, but will still be essential – so some clients will want to maximise returns on that extra expense by tracking more aggressively. This law couldn’t be more of an own goal if it tried.
Chris Peckham
> Maybe what we’ve become is a little lazy in our coding by jumping on a cookie
> bandwagon and forgetting it might not be the most resilient approach?
I understand that although the focus is on ‘cookies’ here, the legislation is actually about tracking/maintaining state – which includes flash cookies (aka Local Shared Objects), session IDs in the URL and other (potentially more ‘reliable’) approaches that crop up in the future. Doesn’t this cast your question “So what?” in an entirely different light?
Kommt das Cookie-Verbot? – FAQ zur deutschen Umsetzung der EU-Cookie-Richtlinie | SCHWENKE & DRAMBURG Rechtsanwälte Berlin - pingback
[…] Pop Ups Bitte für das Erlebnis hier klicken. […]
Giles
This whole topic serves to show why Europe is in such dire straits. With our economies falling down around us the politicians are passing a ridiculous law about cookie. WTF – if people do not want cookies on their machines they can set their browser not to download them. Simple as that – takes about 15 seconds. What is all the fuss about?
If the MPs really want this crap then surely they should just ask the browser manufacturers to make their browsers detect cookie and request temporary or permanent permissions to set cookie (or not as the case may be) rather than requesting that every website designer rebuilds their websites.
What planet are these people on??
EU kræver "opt-in" for cookies. Ny lovgivning på vej - pingback
[…] for sporing.Her er et ekstremt eksempel på, hvordan dette kan se ud på en hjemmeside: http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-2… Her kan du læse hele EU-direktivet: […]
How intrusive are your cookies? | Silktide blog - pingback
[…] people are opposed to this new law, and some people have mocked the new law, including us in this […]
Jeremiah - http://abeledesign.com
haha, impressive. Wondering if it will affect Canadian website design industry too?
Paul Quinn - http://www.evisitanalyst.com/eva8/
“The easiest way to resolve problems with Google Analytics, cookies, opt ins and The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 is to stop using Google Analytics.
There are other products such as our eVisit Analyst Select Version 8 which offers similar functionality to Google Analytics but without using cookies.
Not only does this elegantly fix these problems but as we are a UK company that operates in the UK we are in the jurisdiction of the UK legal system.
Our hosted systems are secure but for extra comfort our systems are available for location and operation within customer’s data centres.
Our systems are not that expensive and in some cases are cheaper than implementing opt in solutions which as previously commented don’t work anyway. We are associated members of Audit Bureau of Circulation and our systems can be used for COI website audits.
PeteW
Can’t fault you for taking a marketing opportunity Paul, but the real problem is that flawed legislation compromises a popular free solution to obtaining business-critical data. Offering a paid solution doesn’t solve that underlying problem *at all* – it just swaps it for an alternative – either:
a) The problem of an extra business expense during an economic downturn, or;
b) The problem of how does one run a business and advertising without effective stats.
For many, many businesses (and charities), ‘b’ will be the default position. You may (or may not) only care about the ones who find your services cost-effective, but the fact remains that they have a right not to be penalised by incompetent law-making, and even your clients would be penalised (to the tune of your costs) compared to those who don’t *have* to comply with this legislation.
PeteW
Incidentally, we now have only a few months left before the ICO should theoretically start persecuting innocent site owners who don’t even want to track their visitors but happen to use a standard technology without explaining it to the widely-technophobic British public. To date, the only sites I’ve seen that has shown any sign of compliance are this one, and the ICO site itself (whose solution is impractical for any serious private-sector site). Is anyone actually aware of a site that has found a workable, yet compliant, solution that could become a common model?
Nick
In my investigation into this problem I’ve come across these solutions: –
http://www.wolf-software.com/downloads/jquery-plugins/pecr-and-google-analytics/ (only applies to GA cookies)
http://www.reddbridge.co.uk/ (their own site has a plugin but it doesn’t seem to be available to others now)
http://cookieq.com
Whilst these solutions would enable some progress towards compliance I’m not sure any of them are perfect. I think the problem is more fundamental than that – given a choice many people will simply reject the request to store cookies or ignore the request and continue to browse without accepting them. This is not necessarily good for them or the web site they are visiting. Web site owners will be deprived of data useful for improving their site user may be deprived of certain functionality. Most people will find the process of being prompted to authorise/reject cookies on a site-by-site basis extremely tiresome and will be irritated by their browsing experience.
The EU nanny-state knows what’s good for them of course. This is all a fear-based reaction to the possibility that some big brother (advertisers) might know more about you than you would want (unlikely given that data attributable the actual identity of an individual would not be being tracked). Where data that might be identifiable is stored e.g. shopping carts and payment processing then this would be exempt anyway because it is “strictly necessary for the provision of a service requested by the user”.
What is needed IMHO is a single policy that can be enforced by the users browser (and I’m not just talking about users specifying preferences in the hope that the sites they visit will respect their settings). The main browser producers need to get together (sooner rather than later) and agree and implement a definitive standard and, at the next browser update (which is very frequent these days), the user should be taken through a clear set up process where they can specify their preferences in relation to cookies. Then everyone can be left in peace. If you happen to be running an older browser which doesn’t have such policies, tough. If you’re too lazy or ignorant to update your browser then you clearly won’t care about cookies and can continue in blissful ignorance (individuals have to take some responsibility).
It appears that the UK Government may have sympathy for browser-based solutions because they’ve set out proposals to continue to work with browser producers to see if enhancements can be made to meet the EU directive (I can’t help but think the EU should have done this before introducing the directive. C’est la vie). In responding to the directive, Government Minister Ed Vaizey calls it a “challenging provision” and has made clear that “enforcement action will not taken until appropriate technical solutions are available”. The ICO on the other hand makes it clear that web site owners can’t wait for a browser-based solution and we are expected to implement the directive – confusion reigns. No doubt everyone will universally ignore this ridiculous requirement until the last possible moment. Hopefully if enforcement action is taken they’ll go for the big boys with European operations first – e.g. Google and Amazon et al (who I notice haven’t yet attempted to implement any kind of solution).
PeteW - http://www.netcentrics.co.uk
Thanks Nick – I hadn’t seen *any*, and like you, I suspect that we’ll all end up avoiding implementing anything until we really can’t afford not to. Besides, these are just variations on the ICO ‘solution,’ and ultimately the problem is the effect of these notifications on site visitors and business stats/competitiveness, rather than technical implementation.
I’d broadly agree on a browser-led approach if done properly, but the real solution to all this starts with everyone agreeing on two simple and pretty undeniable facts:
1. Property owners have a right to know what their visitors are doing whilst ON their property”. This is as true of virtual properties as real-world ones, and vital to most functions of society, including trade.
2. Individuals don’t like being followed or profiled after they have *left* a property, especially without their consent, and this should not generally be allowed purely for the commercial benefit or the property owner. Noticing when they return to your own property – fine. Watching where else they have gone – not fine.
These issues have nothing to do with a specific technology, so should be easy for the least technically competent lawmaker to grasp. They should stick to making laws about behaviour like that, not targeting technologies that they patently haven’t even tried to understand.
Of course, this does still mean that we have a continent-wide lawmaking process that can pass laws without the slightest attempt at researching facts, implications or consequences…
Nick
Pete, I agree with your 2 simple principles. Makes perfect sense to me.
Your analogy with virtual and real-world properties is a good one. The obvious example being that if we are running a bricks and mortar store, customers are quite used to having their movements and behaviours tracked by CCTV, the usual data protection requirements apply in these circumstances and you will have no doubt disclosed this purpose in your data protection registration with the ICO. On that basis the store owner does not need to get the customer’s consent before they enter the store. The agreement to being tracked is implicit and by choosing to enter your property the visitor is deemed to have accepted that condition. Similarly (point 2) the store owner doesn’t send a camera after a customer when they’ve left the store.
The question is, what can we do about it after the fact? Mass disobedience seems likely by default. Many website owners might not have access to easily implemented technical measures (people with sites using a CMS like WordPress might not even know whether cookies are being set, for example). An antiSOPA-like campaign might be in order with some high profile operators leading the charge. The aforementioned Google or Amazon who will probably be most affected by this crappy legislation seem to me to be the obvious people to pick up the baton. (as an aside, I browsed amazon.co.uk from a clean start (all cookies cleared first) and after looking at a few pages checked what was there – there were no less than 50 cookies that had been set! – I’ll start worrying when Amazon have been fined by the ICO).
Richard - http://www.cookielaw.org
None of the solutions you have pointed our are either particularly easy to use or have the capacity and adaptability needed for enterprises. The product provided by the Cooke Collective is a different thing altogether: http://www.cookielaw.org/cookie-solutions.aspx
One of the big problems however is the lack of information available about what cookies are and do, here is a site that is attempting to change this: http://www.cookiepedia.co.uk
On the issue of browser solutions – this can never be the whole story. Though a browser is obviously capable of blocking cookies. People can only give consent via a browser if they have the information about what they are being used for – and this must come from the website.
I can foresee a time when websites could communicate the purpose of cookies directly to a browser (through meta tags or similar) and the browser can then offer user control – but it will still be upon website owners to create the information that the browser can interpret – so even with such a browser, modification of the site will be needed.
In response to Pete – if you walk into a shop, does that give the staff a right to inspect the labels on your clothes, look at the contents of your wallet, to determine whether or not you are a worthy customer? That is effectively what they are doing online.
I suggest the law makers did not what they were doing – the industry had years to do something about it – but decided instead to mostly stick its head in the sand. When that happens, you shouldn’t really be that surprised when someone comes along and gives you a boot up the backside every now and then.
PeteW - http://www.netcentrics.co.uk
Here’s the thing – people exaggerate cookie threats to newbies to scare them, or to sell them ‘solutions,’ and that scaremongering is now driving legislation, which is wrong. Yes, cookie technologies can be abused, but not like that. Site owners can’t use cookies to look into my wallet, nor to look at the labels on my clothes – not even ‘effectively’ – and they have every right to take an interest in how I’m acting whilst on their property, virtual or not. Basic cookies are domain-specific, and can’t grab information unless a site actively feeds it to them, so it isn’t even that easy for single-site firms to achieve any off-site tracking – but the ad and analytics networks they partner with can do so, because those span many domains.
Once I’m off that property, I don’t particularly want to be tracked by ad networks, and yes, that should be my choice – but it always has been. That’s why *easy* cookie settings have long existed in browsers, and antivirus/firewall solutions provide further control. The argument is that this is too complex for many users – yet those same people are expected to understand the details of what cookies are, how they are being used, and to make informed, separate choices in response to potentially-technical messages on almost every EU site they visit? Because that will *really* make them feel safer. No, that’s just insane.
Many site owners don’t even understand cookies or even whether their site uses them, let alone how to misuse them. Those who *do* profit by doing so will just mislead their visitors in any message about how those cookies are being used. Meanwhile, less devious site owners will be conned – with assistance from EU courts – into paying perhaps hundreds of pounds a year to check compliance with a law against something that they weren’t doing in the first place. All for the sake of people who like to fret about their privacy but can’t be bothered to even look at existing ways of protecting it.
The ICO’s caution is heartening, but in no way is this legislation competent.
Chris Peckham
In the other thread
http://www.davidnaylor.co.uk/return-of-the-eu-cookie-directive.html
I’ve just come to the same conclusion as Michael Jones did here, some 316 days ago.
As for other implementations, I’ve also found:
* http://www.cookielaw.org/
and Mark Steven presents a solution from Civic UK in the other thread too:
* http://www.civicuk.com/cookie-law/index
Tim - http://www.shinyphoto.co.uk/
This is what you get when
1) people assume their users are morons – witness the phase of spurious links emulating the perfectly serviceable “Back” button in the browser
2) their users *are* morons who need such idiotic ideas
3) people annul their ability through individual responsibility (“I shouldn’t have to learn all the controls to my browser”)
4) as the above says, you appoint fat cat lawyers and idiotic politicians who wouldn’t know a bendy banana whichever end of them you showed it to.
PeteW - http://www.netcentrics.co.uk
Interesting. The official site of the EU – http://europa.eu – which should have been compliant since the law was passed – simply dumps a cookie into the cache without any warning/explanation/opt-in.
It seems they use a “select a language” splash-page as a kind of paywall to allow them to set a cookie that would be ‘essential’ for the provision of services, and therefore exempt. However, as we all know (right?), you don’t need a cookie to determine the preferred browsing language, and even if the default is wrong, the standard for language-selectors is an unobtrusive set of flag icons. The point is that choosing a non-default language is optional, not essential, so their own site is (surely?) non-compliant, even now.
That site also links to petition options: http://www.europarl.europa.eu/aboutparliament/en/00533cec74/Petitions.html
Just sayin’…
Robert Whelan - http://www.paddypower.com
I got as far as “lawyers” … tres witty. I think we’ll need some clever pursuasion architecture to get people to opt-in. It’s only a matter of time before the functionality gets built into browsers anyhow – wouldn’t that be an easier approach to legislate?
Bob Whelan
DijitulDave - http://dijitul.com
Love it!! This has made me realise just how stupid this is, I did not think into it as deeply until clicking all those boxes. Will it happen though that’s the question. We do have to deal with some stupid shit!!
The cookie law – a resource for website owners | Daylight Gambler's View from the Shed - pingback
[…] bottom of the screen. For a light-hearted extreme example of what this could mean for the internet take a look at this example. To quote this entertaining video, ‘the stupid EU cookie law in (and why it should […]
alan - http://badlywired.com
Great laugh…. I have been trying to think of a straight answer to the crooked law (perhaps we should re-name it), it has been law for nearly a year. How many laws come into force, and then say, hmm, too difficult to understand or comprehend so we won’t enforce it yet…. stupid ….!
By the way
” if you walk into a shop, does that give the staff a right to inspect the labels on your clothes, look at the contents of your wallet, to determine whether or not you are a worthy customer”
When you walk into a store, the shop staff (and store detectives) do look at you and judge you by your looks – statistically 1 in 20 are actually trying to steal from a shop. They look at your you clothes, the way you act, watch you with cameras, take your name and address when you get a refund… watch you with cameras and store the images ….. they remember your face when you come back in the store …… you get the picture
Nick
For anyone who’s not seen this, it looks like the most sensible approach so far: –
http://www.international-chamber.co.uk/components/com_wordpress/wp/wp-content/uploads/2012/04/icc_uk_cookie_guide.pdf
Whilst not strictly “advice” David Evans, group manager for business and industry at the ICO, said at the launch of the guide: “Today’s ICC UK guidance provides organisations with a good starting point from which they can work towards full compliance.”
CJM
That guide seems to suggest for services like Google Analytics a more seamless approach:
‘Obtaining consent by functional use: Immediately after the notice in Part 2 above, place the words: “By using our [website][online service], you agree that we can place these types of cookies on your device.”’
..ehich seems more reasonable – not sure if it is enough of an explicit opt-in, but it certainly seems the most pragmatic solution.
PeteW - http://www.netcentrics.co.uk
Yep, that does look useful in terms of figuring out some simple language to use, but it doesn’t fix the core issues of how to get visitors permission for cookie-setting without disadvantaging European website owners either in terms of:
a) Driving visitors away;
b) Restricting the information available to them on the use of their own website;
c) Exposing them to opportunist “pay us to check this for you” sharks;
d) Having to pay developers to mitigate the damage done by incompetent law-making, or face fines for not doing so;
We have to work with this for now, because the ICO’s leeway is about to run out – but in the medium/long term, laws can be revised and even reversed, and that’s what we, as an industry, should be seeking to achieve here.
DanielS
About a Terms & Conditions with Cookie Policy when some enters your site on a landing page, most people will not bother to read through it all and just click accept?
Nick
I think most people would just ignore it and not click anything, in which case you wouldn’t have their consent. You are then faced with either not letting them browse the site until they accept (not good for getting the best out of your visitors), or letting them browse without cookies and lose any analytics data and other functionality. None of which is ideal.
The Cookie Law - Why I won't be Complying - pingback
[…] this law unless you bombard your visitor with opt out popups in the manner of the following site : EU “Cookies” Directive. Interactive guide to 25th May and what it means for you The best bet is to simply put up a prominant link on your homepage to a privacy/cookie policy page […]
EU Cookie Directive - May 2012 - Page 2 - pingback
[…] Re: EU Cookie Directive – May 2012 Just to prove a point of how stupid this new law is, and how it can cripple a website / users experience, have a play with this, press cancel, and then read the responses etc EU “Cookies” Directive. Interactive guide to 25th May and what it means for you […]
Aron - http://atomace.com
Forces outside the internet are ruining Cookies for everyone, but I want to know what the Sesame Street Cookie Monster has to say about this!?
Eran - http://www.jacamour.com
I think cookies are entirely reasonable thing. If people don’t want to be tracked, then either don’t use the internet or turn off cookie tracking on your browser.