The EU’s cookie directive has caused much consternation amongst web publishers, startups, and bloggers of all sizes since regulators passed it in 2009. It was supposed to come into force last year, but that deadline was pushed back by Britain’s privacy watchdog, the Information Commissioner’s Office (ICO) – which means it will now come into effect tomorrow across the UK. But with many of the web publishing community are actively ignoring the directive – how much is really going to change?
The directive basically states that if a website is using cookies to store information about users, or they are running any form of advertising or user tracking that uses cookies – then they need to make users aware of these cookies and give them the ability to opt out. In reality this means using some form of pop-up or overlay with a tick-box asking users if they are happy for the site and its advertisers to track them with cookies as implemented in the last few days by the FT and the BBC. Failure to comply with these rules means that website owners may be on the hook for a £500,000 fine, but the ICO only seems to be looking at large websites for the time being.
Whilst the directive may be well meaning and attempting to protect the privacy of its users, it misses some glaring issues. Firstly, the web does not have national boundaries, and forcing UK or even European websites to implement this technological change simply puts them on the back foot when competing with other sites in the US – people are often scared off by overlays/pop-ups and simply do not understand the choices offered to them about cookies and will simply look for the content elsewhere. Indeed, how cookies work and how anonymised the data they store is is completely misinterpreted by much of the media with stories of evil advertisers tracking someone’s every move.
Cookies are what help advertisers track you across sites so that sites can show you *targeted* advertising, such as the ones from Skyscanner that follow you around the web giving you the current best price for the flights you searched for last week. Cookies also help site owners see how their visitors are using there site so that they can make sure that their site design is working well for them and they can find what they are looking for in the least clicks. Cookies are what keep users logged into a site, so they don’t have to enter their username and password each time. They certainly aren’t evil.
If users really understood what cookies are used for, most would be fine with them – but as with a lot of web technologies they remain a mystery to most. There are plenty of free add-ons and plugins for browsers that let users have fine-grain control over how cookies are downloaded anyway – so if a user wants to be free of cookies they can do so for free with few clicks anyway. We don’t make cash points flash up warnings that your bank will know where you have taken out money, or each time you use your clubcard in the supermarket that Tescos are tracking exactly what you bought and when. It is all hidden away in the fine print of their terms and conditions where most people will never see it. Websites already rightly have to have privacy policies explaining how they use cookies and store user information – but this should be enough.
The extent to which web publishers see these new laws as ridiculous can be seen by the tiny minority of websites that have done anything about implementing the laws – and a number of startups have said (very much off the record) that they are waiting to see some enforcement happen before they start doing anything about it. For new companies on shoestring budgets, this is extra work, extra development time, extra red tape, and all the things that a supposedly pro-business government.
People’s privacy needs to be protected, but this could be done simply and easily through education with the government or browser developers like Google, Mozilla, Microsoft, and Apple more clearly explaining their cookie control options that are already there. That would be cheaper, easier, and mean the privacy of users will be in check whether they are visiting a website in the UK, in the US, or in China.
[Image courtesy of Intervain]
Pingback: UK Cookie Law Changed At The Last Minute | TechFruit