View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
July 20, 2012updated 05 Apr 2017 1:49pm

The ‘Cookies law’ remains a joke

Two months after the deadline passed for UK websites to be compliant with the ‘Cookie law’ red tape, most businesses simply aren't bothering.

By Cbr Rolling Blog

The whole point, allegedly, was to stop iffy websites from tracking visitors and collating data on their browsing habits for nefarious purposes. As it has worked out, only the reputable sites have bothered putting up warning banners (such as Barclays Bank, and CBR, of course) – the iffy websites haven’t bothered, nor does there seem to have been much of a punitive reaction from the government.

Worryingly, the maximum fine for non compliance is £500,000.

The EU laws concerning cookies changed on 26 May 2011, but the Information Commissioner (ICO) gave British website owners one year’s grace to conform to the legislation. Most seem not to have bothered, or have slapped up a last minute token message.

The new regulations set out that websites must obtain consent from each UK visitor to store or retrieve any information on the user’s computer or device (this includes tablets, smartphones, or any device you may connect to the web with). This is bad news for websites that use cookies – which, unfortunately, turns out to be pretty much all of them.

For those a bit confused at this point (and that would be fair enough) the ICO has provided a FAQ on the e-Privacy Directive concerning cookies here.

The main assumption made by the politicians is that cookies are somehow evil. They aren’t. They are simply mini tools to help make the web browsing experience easier and quicker; such as automatically filling out your address when online shopping, rather than having to re enter it every time, or for analysis of web traffic.

Yes, there are malicious cookies in play – but for anyone that keeps their web browser and anti-virus software up to date, these are killed off before they get the chance to do any damage.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Internet Explorer, Mozilla Firefox, Google Chrome and even Opera will all warn users if they are visiting dangerous sites, and tip off users to any improper cookie usage.

I personally use Flashblocker, Ad Blocker and Cookie Blocker, on top of Ghostery (to track who’s tracking me) – so I’ve already opted out of most risk – and in effect, the law wont ‘advantage’ me at all.

As much as I hate to bring politics into it, this is a problem that the private sector solved many, many years ago. And while I agree that any sites that slip through the cracks deserve to be punished to the full extent of the law by the government – surely UK businesses as a whole should not be the ones to suffer?

Gary Smith from Prism Total IT Support already estimates that 90% of UK websites are ignoring the legislation.

"Virtually all commercial websites use cookies in one form or another. Google Analytics is probably the most common and is used by about 60% of websites. Even in the case of simply applying Google Analytics to your site you need to let your visitors know that you are doing that," he said.

So any website that wants to track its traffic, a benign activity, has to point this out to a consumer visiting. I doubt any consumers would assume that their visit to a website was not being tracked. Its a fact of life in the internet world. Its how websites make money.

Its like a newspaper salesperson having to ask his customers permission to track how many copies of the free Evening Standard he has handed out at a London Underground station.

Of course, one of the main problems is that foreign companies aren’t held to the law., despite being the UK offshoot of the American online retailer, didn’t pop up any cookie friendly warnings. Nor has Youtube or Google. Needless to say, controversial sites such as the Piratebay are giggling behind their hands at such an absurd proposition.

So that makes a significant amount of the UK’s website traffic indifferent to a law, that, arguably, was passed by those with a fundamental misunderstanding of how the internet works, and would jeopardise our economy to score a few cheap political points.

Vinod Bange from law firm Taylor Wessing takes a far more pessimistic view.

"Given that the rest of mainland Europe is yet to take this Directive seriously, it is a shame that UK Plc’s online economy is being jeopardized," he said.

"If the new ‘Cookie law’ is fully enforced by the ICO, it could make Europe – and the UK specifically, a less attractive place to do business, and less competitive globally."

This kind of law flies in the face of the Govenrment’s stated goal of making the UK a tech hub, to draw in start ups and new innovation. Its an extra layer of red tape for the businesses involved, and a bothersome time waster for the ICO – both of which could become a drain on the national chequebook. Some businesses may simply decide to set up elsewhere.

As mentioned earlier, the non-EU businesses without assets in the region can circumvent the Directive and do business much as usual. EU-based businesses doing the same, and attempting to compete, risk prosecution.

It’s estimated that these lost customers could contribute to a loss of £10bn for UK businesses. It’s no wonder the same survey from Econsultancy found that 82% of digital marketers are against the directive.

"The EU Cookie Directive is cause for concern for many businesses. A lack of education and clear guidelines on what constitutes compliance has left many businesses unsure of how to meet the Directive," said Bange.

Needless to say, the main problem is for advertisers. This kind of law could potentially damage the still fledgling online advertising industry. Online advertisers and retailers use cookies to refine their websites, get feedback on purchases – which leads to high sales conversion – and track how successful a certain page is.

The EU governments have done a good job of painting this legislation as protection against invasive advertising – a recent survey by Econsultancy revealed that 89% of UK consumers think the EU cookie law is a positive move. As far as I’m concerned, as long as the ad isn’t a 90s-style pop up ad being shoved in my face, I’m ok with Google Ads down the side of the page, out of the way.

The world isn’t free. Businesses have a right to make money. Anyone that thinks everything on the web should just be free is a fool. That’s like complaining about advertising in the newspaper, or claiming the classifieds pages are annoying. Just dont read them, or click on them.

To be fair, much of my ‘worst case scenario’ hypotheses rely on a particularly draconian implementation of the law, which is doubtful at this stage. The ICO has said they have had a few complaints from the public and website owners, and are working with them to help them meet the standards rather than punish indiscriminately.

But who knows in the future? In the modern world, fascistic behavior tends to come from behind bureaucratic walls and arcane legislature, rather than from blackshirts marching down the street.

Perhaps one day a certain website protesting against the government forgets to put their silly little cookie banner up… and is shut down and levied with a £500,000 fine.

Thats a world I want no part of.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.