Feeds

back to article UK websites: No one bothers with cookie law, why should we?

Many website operators have responded to the Information Commissioner's last-minute watered-down tweak to implementing the European Union's cookie law by doing absolutely nothing to show that they have complied with the legislation. That's the damning verdict from consultancy outfit KPMG, which looked at 55 UK websites to see …

COMMENTS

This topic is closed for new posts.

Page:

Thumb Down

55 websites?

Well that's obviously a very good sample that's going to give them an accurate picture of what's going on, isn't it?

19
2
FAIL

Re: 55 websites?

Quite!

Even claims in dodgy ads for making eyelashes 'lusher', or some such manage a larger sample size than that.

Can almost imagine the scene at the KPMG 'research centre': "Shit, we've got 7 minutes before we have to hand in this report, been caning the gak for the last 8 hours and 23 minutes....right, let's see how many sites we can squeeze in".

And these twats audit how many of the FTSE 100?

5
1

Re: 55 websites?

You mean "appear lusher". Like "healthy looking hair" which isn't actually healthy at all. Perfect for the sort of idiot who actually agrees that the screen on the ipad really does "look this good", when viewed as an advertisment on their television.

Still, I don't blame them. It obviously works.

They could have at least audited all of the FTSE 100 web sites. That sample might have meant something, even if it's still ultimately pointless.

1
1
Anonymous Coward

These little pop up pop ups are really getting up my nose.

Whoever dreamed this up should be subjected to them for the rest of their lives.

6
0
Silver badge
Big Brother

They probably will be subjected to them. If you deny permission the site has no way to track the fact so you're stuck being asked all the time. Makes you wonder if it's a clever ploy to piss people off so much that they accept cookies just so that the warning goes away.

3
0

Healthy looking hair

My hair's so strong and shiny ... because it's made of nylon.

0
0
Silver badge

Re: 55 websites?

Actually it will if the sample is properly selected. You don't actually need that big a sample.

1
0
Anonymous Coward

Re: 55 websites?

KPMG are totally useless, as the last ten years has demonstrated over and over again. They continue to exist due to backhanders on a massive scale to government ministers who are promised "jobs" consisting of ten hours of turning up at conferences to stuff their faces every month in return for 50 grand a year if they just make sure that the company's failures are continually overlooked every time they tender.

It;s not just KPMG, of course. Our company sub-contracts for PwC and getting a glimpse inside reveals why these big "consultancy" firms are so bad at everything they do - they're staffed by and run by total idiots who don't understand their own company let alone anything they're brought in to look at. I've never met so many people with so little feeling that they might get the sack if the project they're on goes wrong.

And quite rightly. I've watched them throw hundreds of thousands of pounds (not their own, of course, the NHS's) at projects that were ill-conceived and badly designed for no obvious purpose and then, when the moron in charge moves to a different department, they just forget the whole thing. Literally not the slightest effort to even deliver the pile of crap they had developed so far. 100% waste.

I always have a good laugh about the idea that the private sector is some haven of efficiency and quality - 9 out of 10 times it's the private sector that actually ran or designed some great public sector disaster. And most of the time, the people in the public sector had repeatedly pointed out that the project was in trouble years before the collapse. But of course, they can't offer the minister a three-girl blowjob in the Caribbean and a 50K boost to his pension for the rest of his life, can they?

Thank goodness we don't have corruption in this country like those nasty foreigners; otherwise it would be easy to become cynical.

1
1
Anonymous Coward

Re: 55 websites?

> Well that's obviously a very good sample that's going to give them an accurate picture of what's going on, isn't it?

Depends on how the sample has been selected. If it was done diligently, then a sample of 55 can have enough statistical power to make significant inferences about a vastly larger population.

I don't know the methodology used by the auditors so I cannot formulate any valid opinions as to its suitability. I don't see much that is "obvious" here about it being a good sample or, particularly, otherwise.

0
0
Anonymous Coward

While we are on the subject...

...why can't El Reg use cookies to remember that I have consented to them using cookies and therefore stop asking me EVERYTIME I visit the site if 'I'm fine' with them using cookies (even though there is no option for me to 'not be fine' with it)?

On the other hand maybe I have blocked all cookies or something - I can't be arsed to check.

13
0
Silver badge
Linux

Re: While we are on the subject...

I expect your cookie expired/session ended and you need to agree to the message again.

0
1
Anonymous Coward

Re: While we are on the subject...

Doesn't keep asking me. I've probably whored my cookie rights over though.

0
0

Re: While we are on the subject...

I gave up and adblocked the notification message instead...

Yes, I clear all cookies automatically on close, so it probably deletes the "OK" cookie, as well as the nefarious ones...

6
0
Silver badge

Re: While we are on the subject...

What we need is some sort of extra file which is stored on the client from session-session to specify if cookies should be used.

And they should be called biscuits not cookies

4
0
Bronze badge

Re: While we are on the subject...

Yeah, but then again it only happened when I opened 10 tabs with news stories on so at least they make you click it to comply.

0
0

Re: While we are on the subject...

Are you looking at different parts of the website? They all seem to have different cookies, which is why you have to log in several times when browsing this site. Which isn't annoying at all.

2
0
Silver badge

Re: While we are on the subject...

We really need a more complex approach to cookie management.

It seems fitting that this should be based on the hierarchy of crunchy comestibles.

So a cookie that you are prepared to keep permanently until it expires would be flagged - "rich-tea biscuit"

One which will be deleted as soon as your session ends will be represented by the shorter lived "hobnob".

And a cookie that never even makes it as far as the cupboard would be a "chocolate caramel"

5
0
Joke

Re: While we are on the subject...

Perhaps an advertising cookie could be classified as that ginger-haired step-child of the biscuit world: the jaffa cake.

2
0
Silver badge
Pirate

Re: While we are on the subject...

I'm sure KPMG can offer you complex cookie hierarchy management consultancy by Certified Cookie Hierarchy Management Specialists fully compliant with all the ICOs of nationalities various and sundry for a low, low fee.

1
0
Flame

Re: While we are on the subject...

I gave up and adblocked the notification message instead...

What filter did you use? I am sick of the thing coming up every_fucking_page of the site despite me clearing out cookies and allowing them for el reg. I'm sick of the damn thing. A plague of boils 'pon your web monkey's wotsits, Reg!!!

2
0

Re: While we are on the subject...

Various iterations of:

theregister.co.uk###RegCCO

(for each domain - I suppose I could probably wildcard it, but I was too lazy!).

Firefox add-on "Element Hiding Helper for Adblock" helps work out the correct filters.

2
0
Anonymous Coward

Re: While we are on the subject...

Blessings on your wise and ancient head, Mr Wibble. Just off to give the Guardian and the Beeb a gentle kick in the bollocks.

0
0
Silver badge

Re: While we are on the subject...

It's called the "do not track" header. http://www.theregister.co.uk/2012/06/01/advertisers_angry_do_not_track/

Most sites seem to ignore that when determining whether or not I have given them "implied consent".

0
0
Anonymous Coward

Re: While we are on the subject...

Anonymous, cos I can't login any more :(

No, there seems to be something broken with the cookie handling on El Reg.

Certainly cookie 5 (eucookie) is not set, no matter how many times I click on 'I'm fine with this'

Unfortunately the table on <a href="http://www.theregister.co.uk/Profile/cookies/>El Reg cookie policy </a> does not indicate which domain would want to set which cookie, so it's a bit difficult to be more precise.

0
0

It's a moronic law written by people with no knowledge of the technologies involved. It's practically unworkable as it stands and will hopefully be dropped entirely shortly. If not, at the very least lets hope that ignoring it becomes commonplace. Like how it's illegal to park your car on the pavement but the police are unlikely to prosecute you for it unless you're causing a problem for others.

15
1
Silver badge
Megaphone

@Oliver

Not sure I agree. There also tends to be lots of confusion about this law (seems even with KPMG) and the versions I've read so far (can't be bothered to look for the original and try to make some sense out of it) are quite unanimous: the cookies which you should warn about are the so called session tracking cookies. So cookies which could be (ab)used by other websites to gather info about the stuff he or she did on your website.

But regular cookies such as keeping registration info for a website, "functionality cookies" (as I tend to call them; so making sure stuff works for the current website session) and all the other cookies which are required to make sure your site operates as normal do not fall under this law.

With that in mind I don't think this law is very stupid. Because the one thing people get bothered with are the trackers. The stuff which makes sure that the website still knows you looked for shoes, but also allows other websites to pick up this info and throw shoe ads in your face.

Its not as if that behavior couldn't be prevented ....

3
0
Vic
Silver badge

Re: @Oliver

> can't be bothered to look for the original

It's often a good idea...

> the cookies which you should warn about are the so called session tracking cookies

This is not sufficient, per the legislation.

Regulation 6 says this :-

"a person shall not store or gain access to information stored, in the

terminal equipment of a subscriber or user unless the requirements of

paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment-

(a) is provided with clear and comprehensive information about the purposes of

the storage of, or access to, that information; and

(b) has given his or her consent.

"

Note that this covers all cookies, not just session cookies.

Whether or not any of this will actually be enforced is another matter of course. And the ICO's "implied consent" defence essentially nullifies any possible prosecution unless a site is truly taking the piss, and its users complain.

Vic.

1
0

IANAL but I believe it actually isn't illegal to park your car on the pavement. I think it's illegal to 'drive' your car on the pavement but, if it's just parked there, that's fine. The police will only move your car if it is causing an obstruction. Of course, if there are double yellows on the road you are still liable to be ticketed, but it can be useful where there are no lines and some idiot at the council has built out a bit of pavement purely as a nuisance (I'm sure we can all testify to this phenomenon).

0
0
Coat

Re: Oliver 7

How do you park your car on the pavement without first driving on it? Therefore the act of being on the pavement implies getting there illegally.

IANAL also but I get annoyed with people parking on pavements and i have to squeeze around them. I feel sorry for anyone in a wheelchair. If there is a car on the otherside of the raod meaning it would be impractical to park opposite it, don't. Find somewhere else to park dont use up the space intended for people walking.

Rant over, off topic, coat fetched.

1
0

Don't know where you live, but on my street if you park on the pavement you will cause an obstruction. Doesn't stop them, of course. Just to be certain, they always put their bins out a few days early to make sure the pavement is completely blocked.

0
0

Re: Oliver

Parking on footpaths is illegal in Landan Town (http://www.legislation.gov.uk/ukla/1974/24/section/15).

The cookie law annoys me as I keep seeing these silly grey banners wittering on about cookies. I wondered why they kept popping up everywhere. If I want to stop cookies it's not hard and I shall make the effort. I just wish the law made them put the "cookie spam banner" in a .js file with a given name to make it straightforward to block.

0
0
g e
Silver badge

They should simply change it

To cover cookies that can track your behaviour outside of the website it was set within, or allow cookies from a TLD to be excused while browsing that TLD.

Surely that would just let normal everyday shortlived session cookies do their thing while 'dealing with' cookies that track your wider behaviour from stuff like FB & Google

1
1

Unenforceable

Considering the lack of enforcement of websites that breach of the 2006 Companies Act by failing to disclose the registered name, number, registered address and VAT number, this mickey mouse ruling will similarly be ignored by the majority.

2
0
Anonymous Coward

Re: Unenforceable

"breach of the 2006 Companies Act by failing to disclose the registered name, number, registered address and VAT number"

I think that's only required if the website is trading, no?

Either way, the legal requirement seems entirely reasonable, and it's the lack of enforcement which is the problem.

You want my custom, you comply with the law. It's not unreasonable is it?

Dobbies Garden Centres are the most recent offender I came across. Dobbies were bought by Tesco in 2008 but you'd barely know it from their website; the Ts+Cs still reference the pre-Tesco company number.

0
1
Anonymous Coward

Re: Unenforceable

"the Ts+Cs still reference the pre-Tesco company number"

That'll be because Dobbies Garden Centres Ltd (guessing that's the correct name) is the same trading entity as it was before Tesco bought them, so their registration with Companies House hasn't changed. Just because the profits are now going to Tesco instead of Mr Dobbie doesn't mean the company number has to change too

1
0
Anonymous Coward

Re: Unenforceable

Yes, it's entirely reasonable, but try to get anyone in authority to do anything is a waste of time. Clamping and private parking companies are notorious.

0
0
Anonymous Coward

Re: Unenforceable

"Dobbies Garden Centres Ltd (guessing that's the correct name) is the same trading entity as it was before Tesco bought them,"

Not really.

Before Tesco bought them it was Dobbies Garden Centres plc. Look it up on Webcheck at Companies House, where the name change is on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'.

Nowadays, Dobbies are a (wholly owned?) subsidiary of Tesco. Dobbies are not a plc at all.

If traders are not going to be honest about who they are, as legally required by the Business Names Act and subsequent legislation, they do not deserve to stay in business.

1
1
Anonymous Coward

Re: Unenforceable

And Dobbies didn't properly display the particulars of ownership in the real shop I've used in the past either.

0
0
Anonymous Coward

Business as usual then

Brussels introduces new law. The UK implements it, increasing costs for UK businesses. The other Europeans states ignore it thus making UK businesses slightly less competitive.

I saw a report a few years ago that looked at how the various states implemented laws passed down from Brussels. It turns out that the UK is the most compliant or all member states, with France and Germany happily ignoring anything they didn't agree with or could not be bothered to implement.

It is little wonder that France and Germany want more power passed on to Brussels. They will simply ignore it whilst the fools in the UK implement it.

6
0
Silver badge

Shit laws should be ignored

Dumping this clusterfuck on web developers is inane and shows a lack of understanding of how cookies and the internet function. If cookies are an issue that requires legislation, it should be on the browser makers to provide controls that are suitable for managing cookies (doing the work in one place- well, OK, 5) rather than asking millions of websites to alter how they work.

After all, the website doesn't store or transmit the information in the cookie, it asks the browser to do it.

5
0
Bronze badge

Re: Shit laws should be ignored

Exactly my thoughts.

If it was implemented at the browser, it would have two other benefits:

- it would be consistent for every site you visit, instead of the present situation where it's all over the place... top, bottom, side, buttons, checkboxes, etc.

- it could be turned off at the browser for people who don't need warnings on every individual site they visit, whereas now you have to 'ok' each individual site

Well done to everyone who has ignored this stupid law, and he's hoping you continue to.

3
0
Anonymous Coward

Re: Shit laws should be ignored

The guidance provided by the ICO states that:

"You must provide clear and comprehensive information about any cookies you are using"

This is beyond the ability of the browser which is why the onus is on the websites.

3
0

Re: Shit laws should be ignored

and as I see it, most browsers already have controls in place to restrict cookies or only block 3rd party cookies, or ... so don't even need it to be developed.

Like you, I don't really see why it should be down to web developers either, particularly as most of the offenders using tracking cookies are probably hosted outside of the EU anyway, and therefore don't need to comply.

(For the record, after removing the Google Analytics snippet, I have zero cookies - unless you login which is solely for editing via the CMS anyway. However I'm still unclear whether I'm compliant if I've not written a cookie use policy statement and published it, saying that we don't use cookies, or whether simply not having any cookies is sufficient... Anyone?)

1
0
Silver badge

Re: Shit laws should be ignored

With a minor change to the cookie "spec" (haha), this information could be easily transmitted along with any cookie, and it wouldn't require web developers to come up with 50,000 different definitions of the __gads cookie does.

Changes to the cookie "spec" happen when a quorum of browser developers determine that new features are needed, and can happen very quickly. Just look at the adoption of the "HttpOnly" and "Secure" flags on cookies.

I'd be fine on a law saying EU websites must emit a "Purpose" flag on cookies, and that browsers in the EU must implement a cookie control mechanism that displays and manages this information.

These sorts of laws should be run by engineers first so that we can say "No, you dipshit, that is complete bonkers, this is how the problem can be solved simply and cheaply".

1
0
Anonymous Coward

Re: SteveK

The ICO guidance document:

http://www.ico.gov.uk/news/blog/2012/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.ashx

0
0
Anonymous Coward

Re: Shit laws should be ignored

At the present moment those who develop browsers have no legal responsibility to accurately implement any of the HTTP protocol or to render any of the HTML tags in any of the specifications.

If the ICO makes it the responsibility of the browser developers then they would have a legal responsibility to implement certain features. Failure to do so might make them susceptible to fines, from the ICO, for failing to properly disclose what a 3rd parties cookie does.

What would happen to those browsers that did not implement this special feature? Would they become illegal to use or distribute? Would it be illegal to intentionally develop a browser that ignored this feature?

The ICO has put the burden in the proper place and it is with those who want to use cookies: The web sites.

NOTE: I also think it is a shit law and hope everybody ignores it.

1
0
Silver badge

Re: Shit laws should be ignored

'These sorts of laws should be run by engineers first so that we can say "No, you dipshit, that is complete bonkers, this is how the problem can be solved simply and cheaply"'

Steady on, now, Tom38 - imagine if we took that approach to government IT projects?

0
0
Silver badge

@AC 15:55

Actually P3P could do it, but that never got off the ground.

1
0
Bronze badge
FAIL

Re: Shit laws should be ignored

The browser could assume that every site has a privacy policy and show a warning if you have not visited the site before that you should read the privacy policy regarding cookies. At least then, the warnings would look consistent. And you could no doubt turn them off centrally, for the 99% of us, who really don't give a toss.

But no. Every single web site has a different privacy policy, and the onus is now on the casual visitor to read each and every one, in order to make an informed decision on whether to use the site? Seriously, it is obvious that this is completely impractical and that *nobody* is going to waste their life reading pages of legal agreements on every web site they visit.

How's this as a better solution:

All browser vendors, on each update, send the user to a 'run once' page on their site (Moz does this already, IE too after major version update). They detect EU ip addresses, and in this case, give you clear info on cookies, and the tools in their browser to control them.

Simple eh? Those who care about cookies can learn to use the tools in their browser. Everyone else can carry on before. Millions of man hours across Europe not wasted on this pointless exercise. Couple of dozen man hours at each browser vendor.

0
0
Anonymous Coward

Re: Shit laws should be ignored

> With a minor change to the cookie "spec" (haha), this information could be easily transmitted along with any cookie

Functionally, that's what was attempted with P3P ( http://www.w3.org/P3P/ ) which, at the W3C site states, is dead in the water as nobody took any interest on it.

Although I suppose new life could be breathed into it if appropriate legislative changes were made. From my recollection, P3P seemed quite adequate from a technical or CHI (computer-human interaction) point of view.

0
0

Page:

This topic is closed for new posts.