UK websites: No one bothers with cookie law, why should we?
Many website operators have responded to the Information Commissioner's last-minute watered-down tweak to implementing the European Union's cookie law by doing absolutely nothing to show that they have complied with the legislation. That's the damning verdict from consultancy outfit KPMG, which looked at 55 UK websites to see …
This topic is closed for new posts.
robust and effective plans
"organisations should have robust and effective plans in place to comply with the new changes"
Yup we've got a plan. The plan is we wrote a plan & we aren't doing anything else unless ICO come round asking why we haven't implemented the plan yet.
Re: robust and effective plans
Yup we've got a plan. The plan is we wrote a plan & we aren't doing anything else unless ICO come round asking why we haven't implemented the plan yet.
Did you sit in on the meeting I had with my boss last month? Are you in fact my boss?
Anon. for ever more!
Cookie Law
So the browser will be bogged down with loads of confirmation cookies from all EU web sites you visit.
And when you clear your cookies, you start all over again.
Who ever though up this law wants slapping round the head with a wet kipper. They have no clue.
Re: Cookie Law
> Who ever though up this law wants slapping round the head with a wet kipper.
Who ever though up this law wants slapping round the head with a frozen wet kipper.
There, fixed it for you.
http://www.direct.gov.uk/en/SiteInformation/Cookies/DG_WP201851?CID=Central&PLA=url_mon&CRE=managing_cookies
worth it for the video
Kudos to Channel 4
I think it's worth shouting out how good Channel 4 have been on this. Their Video explaining what they do with cookies, fronted by Alan Carr is entertaining in its own right... Very open and clear about what they do with the info - including using it for targeted ads which brings them more revenue (and what that revenue is used for - more of the programmes you love).
Re: Kudos to Channel 4
(and what that revenue is used for - more bleeding Alan Carr )
Fixed that for you.
Re: Kudos to Channel 4
I think it it was more "bleeding Alan Carr" people would be happy. (Emphasis on the bleeding) ;)
Re: Kudos to Channel 4
But the vast majority of websites are run by individuals, small non-profit organisations and small businesses who don't have the resources to hire celebrities (or Alan Carr), quite possibly are using a CMS and so don't actually know what cookies their site uses, and maybe aren't that clued up on cookies themselves.
The point of the law is to prevent invasion of privacy. Non-tracking cookies should be unequivocally exempt (no grey areas about whether they are essential to the functionality of the site). Ubiquitous tracking cookies like Google etc should be the responsibility of Google etc - first time they want to track you, they should ask. That shouldn't be the individual responsibility of every single one of the millions of websites which use adsense or analytics.
In summary
ICO: There's a new cookie law
Webmaster: OK, have I broken it?
ICO: Maybe
Webmaster: Well, are you going to fine me?
ICO: Possibly
Webmaster: OK, then will you tell me how to avoid breaking it?
ICO: Well, it's up to you really. We'd kind of like you to ask your audience, but if you assume it's OK, then that might be OK, unless someone complains, and then it might not be. OK?
European Tour.com
The European Tour website www.europeantour.com is pretty hard handed about all this.
They gush "This website like many others uses cookies. It enables us to provide the very best user experience and many features are dependent on storing cookies. For a full list of the cookies we use and what they do please review our Privacy Policy." and one can Accept or Reject.
Rejecting, shuts down access to the site completely!. So because they need a cookie for their "key functionality", such as persistent log in and flagged players in the live scoring page, all access to the site is shut down.
The same goes for the iPhone app.
This is a rather heavy handed approach and one that I am sure will garner lots of amazingly positive responses from their user base.
Re: European Tour.com
I think every website should do this. If you won't accept cookies, you shouldn't be using the internet.
Re: European Tour.com
No. Turn off cookies in your browser, if their website doesn't work *they* shouldn't be using the internet.
99.99999% of cookies are unnecessary.
Excellent Revenue Generator
Thanks UK government for helping small business!!
30mins to build a complience widget, 100 website customers at £100 per implementation = £10,000 lovely pounds for me.
Yippee
I've just indicated to El Reg
For the umpteenth time that I am in point of fact ok with this. Is there a point to this new law?
Waste of time
The question nobody seems to have asked, is there anyone out there who disables all cookies and leaves sites that pop up asking you to use a tick box. It's a fact of life when you use the internet you will have to use cookies. It's like somebody not accepting any post because they might get pizza flyers.
ICO - Useless twats
I mean what fucking idiot thought it would be a good idea to bug me every time I visit a website to harass me about consent for cookies. Making it more annoying than harmless cookies themselves.
This is starting to annoy ordinary people already
My dad has cottoned on pretty quickly that (a) there's a new law in place, something to do with "cookies" and (b) that this is resulting in lots of annoying new pop-ups and unintelligible questions to answer when visiting websites.
In his case it was the new BT cookie pop-up: he had no idea which one of the three options he should choose, and so he called me for advice. Personally I'm just ignoring all cookie pop-ups, as I can't be bothered to research the implications of the cookies used by each website that pops up the notification. And the dodgy sites aren't exactly going to tell me to block their dodgy cookies, are they?
Why the fuss?
This is really simple (and for once, the EU got it right).
* If you're using Session cookies, you don't need to change anything. Implicit consent is fine.
* If you're using Personalisation cookies which benefit the user (eg to remember site preferences, or store a long-term login), you also don't need to do anything [though perhaps you should mention it in the privacy policy]
* If you're using tracking cookies (for cross-site advertising), then the law is quite rightly targeting you. Basically that behaviour is pretty evil, and although you can persuade the user to waive their privacy rights by "accepting" the tracking, this shouldn't happen.
* 3rd party analytics (eg Google) and non-tracking advertising are the grey-areas.
Here's a simple test;: if the average geek would consider your cookie beneficial to him, then you don't need to ask for consent. If you think the average geek would prefer to reject your cookie, then you do need to ask for consent (but you shouldn't be using that type of cookie anyway).
Another way of looking at this: very few businesses work with the "free content, ad-supported" model. Some do (eg The Reg; Facebook). But, If you aren't reliant on advertising, then this rule doesn't affect you, (or you are completely incompetent.)
Re: Why the fuss?
Actually what you describe is just one of the ICO's interpretations of the law, not the law itself.
3rd party analytics (eg Google) and non-tracking advertising are the grey-areas.
You ask why the fuss? That's why.
Most sites don't implement their own cross-site tracking, because most site owners don't control or influence large numbers of sites. Many sites use Google for adverts and analytics. It's the ambiguity over Google et al which is causing the concern.
That is all assuming the rest of what you say is actually how the law will be interpreted. This still has the capacity to become a weapon for those with wealth or power to use against websites they happen not to like.
Re: Why the fuss?
@Richard Neill
Well said. Good summary and very much the approach I take.
AFAIK the Google Analytics cookies are fine. I'm not at all bothered by this as everyone uses them so the information commissioner's hardly going to pick off one site for that.
Also, don't forget that HTML5 allows local storage of name=value pairs and also local databases. I'm sure these also apply in the same way as cookies (which aren't mentioned in the legal text?).
Some of you are claiming it should be down to the website developer to sort out this cookie mess - but you are clearly thinking that every single person with a Website in the UK is a talented web developer can write PHP, HTML and Javascript in Microsoft Notepad. You are completely wrong - a lot of websites are built by instant site type software, a lot of CMS / blogs like joomla etc don't have any option yet for switching off cookies... and then you have problems with dropping code from twitter, facebook, google etc onto your site - in many cases just using a iframe. What about the Met Office? they allow you add a Met Office widget to your website - I'll bet you that transfers a cookie with it. It's not like it's a law that only targets UK business either - as far as I know (though the law is pretty vague) it affects ANY UK website regardless if it's a charity, business, hobby, recreation site. I agree with other posters - this SHOULD be down to the browser manufacturers - it doesn't even need legislation - the browser that gets it right starts getting market share leaving the other manufacturers to play catch-up - and they will - because they have to - in order to stay relevant.
I don't know what kind of state worshipper would downvote such a post, so I upvote.
3rd party cookies, internet exploder, and IFRAMEs
IE doesn't allow third-party cookies in IFRAMEs. This is Microsoft's solution to security; disallow cookies by default.
http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer
(BTW the P3P doesn't always work so you need to implement other solutions for session management if you really have to use this)
Argggghhh
I came back to developing about 6 months ago because the tools dont do my nut in anymore - CSS3 is lovely, HTML5 is ace + ruby is both simple and powerful.... then this happened. It's clearly written by people without 0.1% of a clue how the internet works.
How do I track if someone doesn't want to keep the cookies?
"What we need is some sort of extra file which is stored on the client from session-session to specify if cookies should be used. And they should be called biscuits not cookies"
... what he said ^^.
The alternative is a style-destroying bar of doom on every website. It's ridiculous. Well done Brussels.
We gave UK websites a year long lead in period to comply
This is a bit of a joke isn't it? I haven't receieved any formal notification about any of my sites needing to be compliant. Surely the onus is on the regulator to make potential offenders aware of changges to the law. Or does the UK Gov somehow know I read the Register and believe that to be ample notification? Maybe they're reading my comment right now!
What I find annoying is that a lot of sites are putting up banners saying that you must accept cookies to use the site with a button to accept them but most work perfectly OK without cookies. I just wonder if I am going to continue to get this annoying banner.
Free and gratis
You may freely use the following ICO-compliant text which ensures that your website users have given explicit consent:
"This website uses cookies. If you don't like it, naff off!"
(As seen on the Archbishop of Canterbury's personal website)
Message to El Reg
Don't make the banner slide up, just make a single ignorable line appear at the top of the page until dismissed with a click.
The main site is irritating but the mobile site is fecking annoying now. I'd rather not have everything grind to a halt while the banner slides up, is tapped, then slides down again.
Re: Message to El Reg
Further to that the "normal" site which used to be browsable on my old "feature phone" is now unusable on it due to a huge popup which will has no button to dismiss it and blocks up to 90% of the page.
My phone shows me your adverts too (PCs always have AdBlock) and I used to use it to browse your site at least as much as my PCs so you'll be losing all my "ad impressions" if you care.
Re: Message to El Reg
A couple of things I forgot to mention (Icon is for me)...
1) No sliding banner effects, just make it appear at the top with the rest of the page when loaded and disappear when clicked/tapped on.
2) No button, just a click or tap anywhere on the banner will make it go away. Opera Mobile, for example, zooms when you tap in an area with lots of links and it's not clear which one you wanted to tap. It just so happens that the putting the button in a layer above the page (with the page's usual links below) means it decides you've tapped in a crowded area and it zooms instead of dismissing the banner.
The answer?...
I run a small personal website, and despite researching the issue I couldn't really make heads or tails of what is required of me to comply with this joke of a law. So I put up a notice asking if you want to accept cookies. Clicking 'No' brings you to this page: http://www.callammcmillan.com/nocookie.php with an appropriately curt message.
As with most things that come out of Europe, this law is stupid, ill thought out and of benefit to absolutely nobody.
Banks
My bank simply said (from memory)..
We are required to inform you that our online banking system uses cookies to maintain security, manage your login, and deliver targetted adverts from selected partners. We are also required to inform you that you may opt out, however, opting out of any of our cookies will make our online banking service unusable.
Strange that I had blocked their "targetted advertisment" cookies ages ago, without ill effect.
Scaremongers.
Re: Banks
What's the Cockney Rhyming Slang translation for Merchant Banker?
Re: Banks
What's the Cockney Rhyming Slang translation for Merchant Banker?
Chancre?
Usage:
"He was a right ol' bleedin' chancre, guv".
Is there a Firefox add-on that replaces the content of all cookies I receive with bulky random garbage?
Fnar Fnar
"The Register uses cookies. Some may have been set already. Read about managing our cookies.
Please click the button to accept our cookies. If you continue to use the site, we'll assume you're happy to accept the cookies anyway."
Cookies blocked.
Whatcha gonna do?
Go off into the 'sulky corner'?
Fnar Fnar
"The Register uses cookies. Some may have been set already. Read about managing our cookies.
Please click the button to accept our cookies. If you continue to use the site, we'll assume you're happy to accept the cookies anyway."
Cookies Blocked...
Browser remembers my pissword so even though I am not 'logged in', as per your now missing cookie, I still get to post again.
Fnar Fnar
Re: Fnar Fnar
We'll accept a post with a valid email/password, but without cookies you need to supply it each time.
If your browser chooses to remember and pre-populate those fields (a) we can't control that and (b) we don't see this as a problem.
Re: Fnar Fnar
Only one problem, that's one of the bits that does not work.
This topic is closed for new posts.
