back to article UK websites: No one bothers with cookie law, why should we?

Many website operators have responded to the Information Commissioner's last-minute watered-down tweak to implementing the European Union's cookie law by doing absolutely nothing to show that they have complied with the legislation. That's the damning verdict from consultancy outfit KPMG, which looked at 55 UK websites to see …

COMMENTS

This topic is closed for new posts.
  1. Tony Green
    Thumb Down

    55 websites?

    Well that's obviously a very good sample that's going to give them an accurate picture of what's going on, isn't it?

    1. Flugal
      FAIL

      Re: 55 websites?

      Quite!

      Even claims in dodgy ads for making eyelashes 'lusher', or some such manage a larger sample size than that.

      Can almost imagine the scene at the KPMG 'research centre': "Shit, we've got 7 minutes before we have to hand in this report, been caning the gak for the last 8 hours and 23 minutes....right, let's see how many sites we can squeeze in".

      And these twats audit how many of the FTSE 100?

      1. pPPPP

        Re: 55 websites?

        You mean "appear lusher". Like "healthy looking hair" which isn't actually healthy at all. Perfect for the sort of idiot who actually agrees that the screen on the ipad really does "look this good", when viewed as an advertisment on their television.

        Still, I don't blame them. It obviously works.

        They could have at least audited all of the FTSE 100 web sites. That sample might have meant something, even if it's still ultimately pointless.

        1. Just Thinking

          Healthy looking hair

          My hair's so strong and shiny ... because it's made of nylon.

      2. Anonymous Coward
        Anonymous Coward

        Re: 55 websites?

        KPMG are totally useless, as the last ten years has demonstrated over and over again. They continue to exist due to backhanders on a massive scale to government ministers who are promised "jobs" consisting of ten hours of turning up at conferences to stuff their faces every month in return for 50 grand a year if they just make sure that the company's failures are continually overlooked every time they tender.

        It;s not just KPMG, of course. Our company sub-contracts for PwC and getting a glimpse inside reveals why these big "consultancy" firms are so bad at everything they do - they're staffed by and run by total idiots who don't understand their own company let alone anything they're brought in to look at. I've never met so many people with so little feeling that they might get the sack if the project they're on goes wrong.

        And quite rightly. I've watched them throw hundreds of thousands of pounds (not their own, of course, the NHS's) at projects that were ill-conceived and badly designed for no obvious purpose and then, when the moron in charge moves to a different department, they just forget the whole thing. Literally not the slightest effort to even deliver the pile of crap they had developed so far. 100% waste.

        I always have a good laugh about the idea that the private sector is some haven of efficiency and quality - 9 out of 10 times it's the private sector that actually ran or designed some great public sector disaster. And most of the time, the people in the public sector had repeatedly pointed out that the project was in trouble years before the collapse. But of course, they can't offer the minister a three-girl blowjob in the Caribbean and a 50K boost to his pension for the rest of his life, can they?

        Thank goodness we don't have corruption in this country like those nasty foreigners; otherwise it would be easy to become cynical.

    2. Anonymous Coward
      Anonymous Coward

      These little pop up pop ups are really getting up my nose.

      Whoever dreamed this up should be subjected to them for the rest of their lives.

      1. AndrueC Silver badge
        Big Brother

        They probably will be subjected to them. If you deny permission the site has no way to track the fact so you're stuck being asked all the time. Makes you wonder if it's a clever ploy to piss people off so much that they accept cookies just so that the warning goes away.

    3. jonathanb Silver badge

      Re: 55 websites?

      Actually it will if the sample is properly selected. You don't actually need that big a sample.

    4. Anonymous Coward
      Anonymous Coward

      Re: 55 websites?

      > Well that's obviously a very good sample that's going to give them an accurate picture of what's going on, isn't it?

      Depends on how the sample has been selected. If it was done diligently, then a sample of 55 can have enough statistical power to make significant inferences about a vastly larger population.

      I don't know the methodology used by the auditors so I cannot formulate any valid opinions as to its suitability. I don't see much that is "obvious" here about it being a good sample or, particularly, otherwise.

  2. Anonymous Coward
    Anonymous Coward

    While we are on the subject...

    ...why can't El Reg use cookies to remember that I have consented to them using cookies and therefore stop asking me EVERYTIME I visit the site if 'I'm fine' with them using cookies (even though there is no option for me to 'not be fine' with it)?

    On the other hand maybe I have blocked all cookies or something - I can't be arsed to check.

    1. Miek
      Linux

      Re: While we are on the subject...

      I expect your cookie expired/session ended and you need to agree to the message again.

      1. Anonymous Coward
        Anonymous Coward

        Re: While we are on the subject...

        Anonymous, cos I can't login any more :(

        No, there seems to be something broken with the cookie handling on El Reg.

        Certainly cookie 5 (eucookie) is not set, no matter how many times I click on 'I'm fine with this'

        Unfortunately the table on <a href="http://www.theregister.co.uk/Profile/cookies/>El Reg cookie policy </a> does not indicate which domain would want to set which cookie, so it's a bit difficult to be more precise.

    2. Anonymous Coward
      Anonymous Coward

      Re: While we are on the subject...

      Doesn't keep asking me. I've probably whored my cookie rights over though.

    3. MrWibble

      Re: While we are on the subject...

      I gave up and adblocked the notification message instead...

      Yes, I clear all cookies automatically on close, so it probably deletes the "OK" cookie, as well as the nefarious ones...

      1. Yet Another Anonymous coward Silver badge

        Re: While we are on the subject...

        What we need is some sort of extra file which is stored on the client from session-session to specify if cookies should be used.

        And they should be called biscuits not cookies

        1. Yet Another Anonymous coward Silver badge

          Re: While we are on the subject...

          We really need a more complex approach to cookie management.

          It seems fitting that this should be based on the hierarchy of crunchy comestibles.

          So a cookie that you are prepared to keep permanently until it expires would be flagged - "rich-tea biscuit"

          One which will be deleted as soon as your session ends will be represented by the shorter lived "hobnob".

          And a cookie that never even makes it as far as the cupboard would be a "chocolate caramel"

          1. Invidious Aardvark
            Joke

            Re: While we are on the subject...

            Perhaps an advertising cookie could be classified as that ginger-haired step-child of the biscuit world: the jaffa cake.

          2. Destroy All Monsters Silver badge
            Pirate

            Re: While we are on the subject...

            I'm sure KPMG can offer you complex cookie hierarchy management consultancy by Certified Cookie Hierarchy Management Specialists fully compliant with all the ICOs of nationalities various and sundry for a low, low fee.

        2. jonathanb Silver badge

          Re: While we are on the subject...

          It's called the "do not track" header. http://www.theregister.co.uk/2012/06/01/advertisers_angry_do_not_track/

          Most sites seem to ignore that when determining whether or not I have given them "implied consent".

      2. Mint Sauce
        Flame

        Re: While we are on the subject...

        I gave up and adblocked the notification message instead...

        What filter did you use? I am sick of the thing coming up every_fucking_page of the site despite me clearing out cookies and allowing them for el reg. I'm sick of the damn thing. A plague of boils 'pon your web monkey's wotsits, Reg!!!

        1. MrWibble

          Re: While we are on the subject...

          Various iterations of:

          theregister.co.uk###RegCCO

          (for each domain - I suppose I could probably wildcard it, but I was too lazy!).

          Firefox add-on "Element Hiding Helper for Adblock" helps work out the correct filters.

          1. Anonymous Coward
            Anonymous Coward

            Re: While we are on the subject...

            Blessings on your wise and ancient head, Mr Wibble. Just off to give the Guardian and the Beeb a gentle kick in the bollocks.

    4. Captain Scarlet Silver badge

      Re: While we are on the subject...

      Yeah, but then again it only happened when I opened 10 tabs with news stories on so at least they make you click it to comply.

      1. pPPPP

        Re: While we are on the subject...

        Are you looking at different parts of the website? They all seem to have different cookies, which is why you have to log in several times when browsing this site. Which isn't annoying at all.

  3. Oliver Mayes

    It's a moronic law written by people with no knowledge of the technologies involved. It's practically unworkable as it stands and will hopefully be dropped entirely shortly. If not, at the very least lets hope that ignoring it becomes commonplace. Like how it's illegal to park your car on the pavement but the police are unlikely to prosecute you for it unless you're causing a problem for others.

    1. Anonymous Coward
      Megaphone

      @Oliver

      Not sure I agree. There also tends to be lots of confusion about this law (seems even with KPMG) and the versions I've read so far (can't be bothered to look for the original and try to make some sense out of it) are quite unanimous: the cookies which you should warn about are the so called session tracking cookies. So cookies which could be (ab)used by other websites to gather info about the stuff he or she did on your website.

      But regular cookies such as keeping registration info for a website, "functionality cookies" (as I tend to call them; so making sure stuff works for the current website session) and all the other cookies which are required to make sure your site operates as normal do not fall under this law.

      With that in mind I don't think this law is very stupid. Because the one thing people get bothered with are the trackers. The stuff which makes sure that the website still knows you looked for shoes, but also allows other websites to pick up this info and throw shoe ads in your face.

      Its not as if that behavior couldn't be prevented ....

      1. Vic

        Re: @Oliver

        > can't be bothered to look for the original

        It's often a good idea...

        > the cookies which you should warn about are the so called session tracking cookies

        This is not sufficient, per the legislation.

        Regulation 6 says this :-

        "a person shall not store or gain access to information stored, in the

        terminal equipment of a subscriber or user unless the requirements of

        paragraph (2) are met.

        (2) The requirements are that the subscriber or user of that terminal equipment-

        (a) is provided with clear and comprehensive information about the purposes of

        the storage of, or access to, that information; and

        (b) has given his or her consent.

        "

        Note that this covers all cookies, not just session cookies.

        Whether or not any of this will actually be enforced is another matter of course. And the ICO's "implied consent" defence essentially nullifies any possible prosecution unless a site is truly taking the piss, and its users complain.

        Vic.

    2. Oliver 7

      IANAL but I believe it actually isn't illegal to park your car on the pavement. I think it's illegal to 'drive' your car on the pavement but, if it's just parked there, that's fine. The police will only move your car if it is causing an obstruction. Of course, if there are double yellows on the road you are still liable to be ticketed, but it can be useful where there are no lines and some idiot at the council has built out a bit of pavement purely as a nuisance (I'm sure we can all testify to this phenomenon).

      1. Ragarath
        Coat

        Re: Oliver 7

        How do you park your car on the pavement without first driving on it? Therefore the act of being on the pavement implies getting there illegally.

        IANAL also but I get annoyed with people parking on pavements and i have to squeeze around them. I feel sorry for anyone in a wheelchair. If there is a car on the otherside of the raod meaning it would be impractical to park opposite it, don't. Find somewhere else to park dont use up the space intended for people walking.

        Rant over, off topic, coat fetched.

      2. Just Thinking

        Don't know where you live, but on my street if you park on the pavement you will cause an obstruction. Doesn't stop them, of course. Just to be certain, they always put their bins out a few days early to make sure the pavement is completely blocked.

    3. Ross 7

      Re: Oliver

      Parking on footpaths is illegal in Landan Town (http://www.legislation.gov.uk/ukla/1974/24/section/15).

      The cookie law annoys me as I keep seeing these silly grey banners wittering on about cookies. I wondered why they kept popping up everywhere. If I want to stop cookies it's not hard and I shall make the effort. I just wish the law made them put the "cookie spam banner" in a .js file with a given name to make it straightforward to block.

  4. g e

    They should simply change it

    To cover cookies that can track your behaviour outside of the website it was set within, or allow cookies from a TLD to be excused while browsing that TLD.

    Surely that would just let normal everyday shortlived session cookies do their thing while 'dealing with' cookies that track your wider behaviour from stuff like FB & Google

  5. Alexis Vallance

    Unenforceable

    Considering the lack of enforcement of websites that breach of the 2006 Companies Act by failing to disclose the registered name, number, registered address and VAT number, this mickey mouse ruling will similarly be ignored by the majority.

    1. Anonymous Coward
      Anonymous Coward

      Re: Unenforceable

      "breach of the 2006 Companies Act by failing to disclose the registered name, number, registered address and VAT number"

      I think that's only required if the website is trading, no?

      Either way, the legal requirement seems entirely reasonable, and it's the lack of enforcement which is the problem.

      You want my custom, you comply with the law. It's not unreasonable is it?

      Dobbies Garden Centres are the most recent offender I came across. Dobbies were bought by Tesco in 2008 but you'd barely know it from their website; the Ts+Cs still reference the pre-Tesco company number.

      1. Anonymous Coward
        Anonymous Coward

        Re: Unenforceable

        "the Ts+Cs still reference the pre-Tesco company number"

        That'll be because Dobbies Garden Centres Ltd (guessing that's the correct name) is the same trading entity as it was before Tesco bought them, so their registration with Companies House hasn't changed. Just because the profits are now going to Tesco instead of Mr Dobbie doesn't mean the company number has to change too

        1. Anonymous Coward
          Anonymous Coward

          Re: Unenforceable

          "Dobbies Garden Centres Ltd (guessing that's the correct name) is the same trading entity as it was before Tesco bought them,"

          Not really.

          Before Tesco bought them it was Dobbies Garden Centres plc. Look it up on Webcheck at Companies House, where the name change is on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'.

          Nowadays, Dobbies are a (wholly owned?) subsidiary of Tesco. Dobbies are not a plc at all.

          If traders are not going to be honest about who they are, as legally required by the Business Names Act and subsequent legislation, they do not deserve to stay in business.

          1. Anonymous Coward
            Anonymous Coward

            Re: Unenforceable

            And Dobbies didn't properly display the particulars of ownership in the real shop I've used in the past either.

      2. Anonymous Coward
        Anonymous Coward

        Re: Unenforceable

        Yes, it's entirely reasonable, but try to get anyone in authority to do anything is a waste of time. Clamping and private parking companies are notorious.

  6. Anonymous Coward
    Anonymous Coward

    Business as usual then

    Brussels introduces new law. The UK implements it, increasing costs for UK businesses. The other Europeans states ignore it thus making UK businesses slightly less competitive.

    I saw a report a few years ago that looked at how the various states implemented laws passed down from Brussels. It turns out that the UK is the most compliant or all member states, with France and Germany happily ignoring anything they didn't agree with or could not be bothered to implement.

    It is little wonder that France and Germany want more power passed on to Brussels. They will simply ignore it whilst the fools in the UK implement it.

  7. Tom 38

    Shit laws should be ignored

    Dumping this clusterfuck on web developers is inane and shows a lack of understanding of how cookies and the internet function. If cookies are an issue that requires legislation, it should be on the browser makers to provide controls that are suitable for managing cookies (doing the work in one place- well, OK, 5) rather than asking millions of websites to alter how they work.

    After all, the website doesn't store or transmit the information in the cookie, it asks the browser to do it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Shit laws should be ignored

      Exactly my thoughts.

      If it was implemented at the browser, it would have two other benefits:

      - it would be consistent for every site you visit, instead of the present situation where it's all over the place... top, bottom, side, buttons, checkboxes, etc.

      - it could be turned off at the browser for people who don't need warnings on every individual site they visit, whereas now you have to 'ok' each individual site

      Well done to everyone who has ignored this stupid law, and he's hoping you continue to.

    2. Anonymous Coward
      Anonymous Coward

      Re: Shit laws should be ignored

      The guidance provided by the ICO states that:

      "You must provide clear and comprehensive information about any cookies you are using"

      This is beyond the ability of the browser which is why the onus is on the websites.

      1. Tom 38

        Re: Shit laws should be ignored

        With a minor change to the cookie "spec" (haha), this information could be easily transmitted along with any cookie, and it wouldn't require web developers to come up with 50,000 different definitions of the __gads cookie does.

        Changes to the cookie "spec" happen when a quorum of browser developers determine that new features are needed, and can happen very quickly. Just look at the adoption of the "HttpOnly" and "Secure" flags on cookies.

        I'd be fine on a law saying EU websites must emit a "Purpose" flag on cookies, and that browsers in the EU must implement a cookie control mechanism that displays and manages this information.

        These sorts of laws should be run by engineers first so that we can say "No, you dipshit, that is complete bonkers, this is how the problem can be solved simply and cheaply".

        1. Anonymous Coward
          Anonymous Coward

          Re: Shit laws should be ignored

          At the present moment those who develop browsers have no legal responsibility to accurately implement any of the HTTP protocol or to render any of the HTML tags in any of the specifications.

          If the ICO makes it the responsibility of the browser developers then they would have a legal responsibility to implement certain features. Failure to do so might make them susceptible to fines, from the ICO, for failing to properly disclose what a 3rd parties cookie does.

          What would happen to those browsers that did not implement this special feature? Would they become illegal to use or distribute? Would it be illegal to intentionally develop a browser that ignored this feature?

          The ICO has put the burden in the proper place and it is with those who want to use cookies: The web sites.

          NOTE: I also think it is a shit law and hope everybody ignores it.

        2. John H Woods Silver badge

          Re: Shit laws should be ignored

          'These sorts of laws should be run by engineers first so that we can say "No, you dipshit, that is complete bonkers, this is how the problem can be solved simply and cheaply"'

          Steady on, now, Tom38 - imagine if we took that approach to government IT projects?

        3. Anonymous Coward
          Anonymous Coward

          Re: Shit laws should be ignored

          > With a minor change to the cookie "spec" (haha), this information could be easily transmitted along with any cookie

          Functionally, that's what was attempted with P3P ( http://www.w3.org/P3P/ ) which, at the W3C site states, is dead in the water as nobody took any interest on it.

          Although I suppose new life could be breathed into it if appropriate legislative changes were made. From my recollection, P3P seemed quite adequate from a technical or CHI (computer-human interaction) point of view.

      2. Dan 55 Silver badge

        @AC 15:55

        Actually P3P could do it, but that never got off the ground.

      3. Anonymous Coward
        FAIL

        Re: Shit laws should be ignored

        The browser could assume that every site has a privacy policy and show a warning if you have not visited the site before that you should read the privacy policy regarding cookies. At least then, the warnings would look consistent. And you could no doubt turn them off centrally, for the 99% of us, who really don't give a toss.

        But no. Every single web site has a different privacy policy, and the onus is now on the casual visitor to read each and every one, in order to make an informed decision on whether to use the site? Seriously, it is obvious that this is completely impractical and that *nobody* is going to waste their life reading pages of legal agreements on every web site they visit.

        How's this as a better solution:

        All browser vendors, on each update, send the user to a 'run once' page on their site (Moz does this already, IE too after major version update). They detect EU ip addresses, and in this case, give you clear info on cookies, and the tools in their browser to control them.

        Simple eh? Those who care about cookies can learn to use the tools in their browser. Everyone else can carry on before. Millions of man hours across Europe not wasted on this pointless exercise. Couple of dozen man hours at each browser vendor.

    3. SteveK

      Re: Shit laws should be ignored

      and as I see it, most browsers already have controls in place to restrict cookies or only block 3rd party cookies, or ... so don't even need it to be developed.

      Like you, I don't really see why it should be down to web developers either, particularly as most of the offenders using tracking cookies are probably hosted outside of the EU anyway, and therefore don't need to comply.

      (For the record, after removing the Google Analytics snippet, I have zero cookies - unless you login which is solely for editing via the CMS anyway. However I'm still unclear whether I'm compliant if I've not written a cookie use policy statement and published it, saying that we don't use cookies, or whether simply not having any cookies is sufficient... Anyone?)

      1. Anonymous Coward
        Anonymous Coward

        Re: SteveK

        The ICO guidance document:

        http://www.ico.gov.uk/news/blog/2012/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.ashx

  8. This post has been deleted by its author

  9. Irongut

    robust and effective plans

    "organisations should have robust and effective plans in place to comply with the new changes"

    Yup we've got a plan. The plan is we wrote a plan & we aren't doing anything else unless ICO come round asking why we haven't implemented the plan yet.

    1. Anonymous Coward
      Anonymous Coward

      Re: robust and effective plans

      Yup we've got a plan. The plan is we wrote a plan & we aren't doing anything else unless ICO come round asking why we haven't implemented the plan yet.

      Did you sit in on the meeting I had with my boss last month? Are you in fact my boss?

      Anon. for ever more!

  10. John70

    Cookie Law

    So the browser will be bogged down with loads of confirmation cookies from all EU web sites you visit.

    And when you clear your cookies, you start all over again.

    Who ever though up this law wants slapping round the head with a wet kipper. They have no clue.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cookie Law

      > Who ever though up this law wants slapping round the head with a wet kipper.

      Who ever though up this law wants slapping round the head with a frozen wet kipper.

      There, fixed it for you.

  11. ukgnome
    FAIL

    http://www.direct.gov.uk/en/SiteInformation/Cookies/DG_WP201851?CID=Central&PLA=url_mon&CRE=managing_cookies

    worth it for the video

  12. Chad H.

    Kudos to Channel 4

    I think it's worth shouting out how good Channel 4 have been on this. Their Video explaining what they do with cookies, fronted by Alan Carr is entertaining in its own right... Very open and clear about what they do with the info - including using it for targeted ads which brings them more revenue (and what that revenue is used for - more of the programmes you love).

    1. Anonymous Coward
      Anonymous Coward

      Re: Kudos to Channel 4

      (and what that revenue is used for - more bleeding Alan Carr )

      Fixed that for you.

      1. Anonymous Coward
        Anonymous Coward

        Re: Kudos to Channel 4

        I think it it was more "bleeding Alan Carr" people would be happy. (Emphasis on the bleeding) ;)

    2. Just Thinking

      Re: Kudos to Channel 4

      But the vast majority of websites are run by individuals, small non-profit organisations and small businesses who don't have the resources to hire celebrities (or Alan Carr), quite possibly are using a CMS and so don't actually know what cookies their site uses, and maybe aren't that clued up on cookies themselves.

      The point of the law is to prevent invasion of privacy. Non-tracking cookies should be unequivocally exempt (no grey areas about whether they are essential to the functionality of the site). Ubiquitous tracking cookies like Google etc should be the responsibility of Google etc - first time they want to track you, they should ask. That shouldn't be the individual responsibility of every single one of the millions of websites which use adsense or analytics.

  13. Anonymous Coward
    Anonymous Coward

    In summary

    ICO: There's a new cookie law

    Webmaster: OK, have I broken it?

    ICO: Maybe

    Webmaster: Well, are you going to fine me?

    ICO: Possibly

    Webmaster: OK, then will you tell me how to avoid breaking it?

    ICO: Well, it's up to you really. We'd kind of like you to ask your audience, but if you assume it's OK, then that might be OK, unless someone complains, and then it might not be. OK?

  14. Anonymous Coward
    Anonymous Coward

    European Tour.com

    The European Tour website www.europeantour.com is pretty hard handed about all this.

    They gush "This website like many others uses cookies. It enables us to provide the very best user experience and many features are dependent on storing cookies. For a full list of the cookies we use and what they do please review our Privacy Policy." and one can Accept or Reject.

    Rejecting, shuts down access to the site completely!. So because they need a cookie for their "key functionality", such as persistent log in and flagged players in the live scoring page, all access to the site is shut down.

    The same goes for the iPhone app.

    This is a rather heavy handed approach and one that I am sure will garner lots of amazingly positive responses from their user base.

    1. Anonymous Coward
      Anonymous Coward

      Re: European Tour.com

      I think every website should do this. If you won't accept cookies, you shouldn't be using the internet.

      1. nijam Silver badge

        Re: European Tour.com

        No. Turn off cookies in your browser, if their website doesn't work *they* shouldn't be using the internet.

        99.99999% of cookies are unnecessary.

  15. Anonymous Coward
    Go

    Excellent Revenue Generator

    Thanks UK government for helping small business!!

    30mins to build a complience widget, 100 website customers at £100 per implementation = £10,000 lovely pounds for me.

    Yippee

  16. Jason Hindle

    I've just indicated to El Reg

    For the umpteenth time that I am in point of fact ok with this. Is there a point to this new law?

  17. Anonymous Coward
    Anonymous Coward

    Waste of time

    The question nobody seems to have asked, is there anyone out there who disables all cookies and leaves sites that pop up asking you to use a tick box. It's a fact of life when you use the internet you will have to use cookies. It's like somebody not accepting any post because they might get pizza flyers.

  18. Anonymous Coward
    Anonymous Coward

    ICO - Useless twats

    I mean what fucking idiot thought it would be a good idea to bug me every time I visit a website to harass me about consent for cookies. Making it more annoying than harmless cookies themselves.

  19. Anthony Cartmell
    Unhappy

    This is starting to annoy ordinary people already

    My dad has cottoned on pretty quickly that (a) there's a new law in place, something to do with "cookies" and (b) that this is resulting in lots of annoying new pop-ups and unintelligible questions to answer when visiting websites.

    In his case it was the new BT cookie pop-up: he had no idea which one of the three options he should choose, and so he called me for advice. Personally I'm just ignoring all cookie pop-ups, as I can't be bothered to research the implications of the cookies used by each website that pops up the notification. And the dodgy sites aren't exactly going to tell me to block their dodgy cookies, are they?

  20. Antoinette Lacroix

    One word

    Bollocks

  21. Richard Neill

    Why the fuss?

    This is really simple (and for once, the EU got it right).

    * If you're using Session cookies, you don't need to change anything. Implicit consent is fine.

    * If you're using Personalisation cookies which benefit the user (eg to remember site preferences, or store a long-term login), you also don't need to do anything [though perhaps you should mention it in the privacy policy]

    * If you're using tracking cookies (for cross-site advertising), then the law is quite rightly targeting you. Basically that behaviour is pretty evil, and although you can persuade the user to waive their privacy rights by "accepting" the tracking, this shouldn't happen.

    * 3rd party analytics (eg Google) and non-tracking advertising are the grey-areas.

    Here's a simple test;: if the average geek would consider your cookie beneficial to him, then you don't need to ask for consent. If you think the average geek would prefer to reject your cookie, then you do need to ask for consent (but you shouldn't be using that type of cookie anyway).

    Another way of looking at this: very few businesses work with the "free content, ad-supported" model. Some do (eg The Reg; Facebook). But, If you aren't reliant on advertising, then this rule doesn't affect you, (or you are completely incompetent.)

    1. Anonymous Coward
      Anonymous Coward

      Re: Why the fuss?

      Actually what you describe is just one of the ICO's interpretations of the law, not the law itself.

    2. Just Thinking

      3rd party analytics (eg Google) and non-tracking advertising are the grey-areas.

      You ask why the fuss? That's why.

      Most sites don't implement their own cross-site tracking, because most site owners don't control or influence large numbers of sites. Many sites use Google for adverts and analytics. It's the ambiguity over Google et al which is causing the concern.

      That is all assuming the rest of what you say is actually how the law will be interpreted. This still has the capacity to become a weapon for those with wealth or power to use against websites they happen not to like.

    3. Wibble
      Thumb Up

      Re: Why the fuss?

      @Richard Neill

      Well said. Good summary and very much the approach I take.

      AFAIK the Google Analytics cookies are fine. I'm not at all bothered by this as everyone uses them so the information commissioner's hardly going to pick off one site for that.

      Also, don't forget that HTML5 allows local storage of name=value pairs and also local databases. I'm sure these also apply in the same way as cookies (which aren't mentioned in the legal text?).

  22. Andrew Jones 2
    FAIL

    Some of you are claiming it should be down to the website developer to sort out this cookie mess - but you are clearly thinking that every single person with a Website in the UK is a talented web developer can write PHP, HTML and Javascript in Microsoft Notepad. You are completely wrong - a lot of websites are built by instant site type software, a lot of CMS / blogs like joomla etc don't have any option yet for switching off cookies... and then you have problems with dropping code from twitter, facebook, google etc onto your site - in many cases just using a iframe. What about the Met Office? they allow you add a Met Office widget to your website - I'll bet you that transfers a cookie with it. It's not like it's a law that only targets UK business either - as far as I know (though the law is pretty vague) it affects ANY UK website regardless if it's a charity, business, hobby, recreation site. I agree with other posters - this SHOULD be down to the browser manufacturers - it doesn't even need legislation - the browser that gets it right starts getting market share leaving the other manufacturers to play catch-up - and they will - because they have to - in order to stay relevant.

    1. Destroy All Monsters Silver badge
      Big Brother

      I don't know what kind of state worshipper would downvote such a post, so I upvote.

    2. Wibble
      Boffin

      3rd party cookies, internet exploder, and IFRAMEs

      IE doesn't allow third-party cookies in IFRAMEs. This is Microsoft's solution to security; disallow cookies by default.

      http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer

      (BTW the P3P doesn't always work so you need to implement other solutions for session management if you really have to use this)

  23. David Moore
    WTF?

    Argggghhh

    I came back to developing about 6 months ago because the tools dont do my nut in anymore - CSS3 is lovely, HTML5 is ace + ruby is both simple and powerful.... then this happened. It's clearly written by people without 0.1% of a clue how the internet works.

    How do I track if someone doesn't want to keep the cookies?

    "What we need is some sort of extra file which is stored on the client from session-session to specify if cookies should be used. And they should be called biscuits not cookies"

    ... what he said ^^.

    The alternative is a style-destroying bar of doom on every website. It's ridiculous. Well done Brussels.

  24. Andy Fletcher

    We gave UK websites a year long lead in period to comply

    This is a bit of a joke isn't it? I haven't receieved any formal notification about any of my sites needing to be compliant. Surely the onus is on the regulator to make potential offenders aware of changges to the law. Or does the UK Gov somehow know I read the Register and believe that to be ample notification? Maybe they're reading my comment right now!

  25. JMB

    What I find annoying is that a lot of sites are putting up banners saying that you must accept cookies to use the site with a button to accept them but most work perfectly OK without cookies. I just wonder if I am going to continue to get this annoying banner.

  26. Anonymous Coward
    Anonymous Coward

    Free and gratis

    You may freely use the following ICO-compliant text which ensures that your website users have given explicit consent:

    "This website uses cookies. If you don't like it, naff off!"

    (As seen on the Archbishop of Canterbury's personal website)

  27. Dan 55 Silver badge
    Flame

    Message to El Reg

    Don't make the banner slide up, just make a single ignorable line appear at the top of the page until dismissed with a click.

    The main site is irritating but the mobile site is fecking annoying now. I'd rather not have everything grind to a halt while the banner slides up, is tapped, then slides down again.

    1. Cameron Colley
      FAIL

      Re: Message to El Reg

      Further to that the "normal" site which used to be browsable on my old "feature phone" is now unusable on it due to a huge popup which will has no button to dismiss it and blocks up to 90% of the page.

      My phone shows me your adverts too (PCs always have AdBlock) and I used to use it to browse your site at least as much as my PCs so you'll be losing all my "ad impressions" if you care.

    2. Dan 55 Silver badge
      FAIL

      Re: Message to El Reg

      A couple of things I forgot to mention (Icon is for me)...

      1) No sliding banner effects, just make it appear at the top with the rest of the page when loaded and disappear when clicked/tapped on.

      2) No button, just a click or tap anywhere on the banner will make it go away. Opera Mobile, for example, zooms when you tap in an area with lots of links and it's not clear which one you wanted to tap. It just so happens that the putting the button in a layer above the page (with the page's usual links below) means it decides you've tapped in a crowded area and it zooms instead of dismissing the banner.

  28. Callam McMillan
    FAIL

    The answer?...

    I run a small personal website, and despite researching the issue I couldn't really make heads or tails of what is required of me to comply with this joke of a law. So I put up a notice asking if you want to accept cookies. Clicking 'No' brings you to this page: http://www.callammcmillan.com/nocookie.php with an appropriately curt message.

    As with most things that come out of Europe, this law is stupid, ill thought out and of benefit to absolutely nobody.

  29. Allan 1

    Banks

    My bank simply said (from memory)..

    We are required to inform you that our online banking system uses cookies to maintain security, manage your login, and deliver targetted adverts from selected partners. We are also required to inform you that you may opt out, however, opting out of any of our cookies will make our online banking service unusable.

    Strange that I had blocked their "targetted advertisment" cookies ages ago, without ill effect.

    Scaremongers.

    1. Wibble
      Joke

      Re: Banks

      What's the Cockney Rhyming Slang translation for Merchant Banker?

      1. Bradley Hardleigh-Hadderchance
        Joke

        Re: Banks

        What's the Cockney Rhyming Slang translation for Merchant Banker?

        Chancre?

        Usage:

        "He was a right ol' bleedin' chancre, guv".

  30. nijam Silver badge

    Is there a Firefox add-on that replaces the content of all cookies I receive with bulky random garbage?

  31. Camilla Smythe

    Fnar Fnar

    "The Register uses cookies. Some may have been set already. Read about managing our cookies.

    Please click the button to accept our cookies. If you continue to use the site, we'll assume you're happy to accept the cookies anyway."

    Cookies blocked.

    Whatcha gonna do?

    Go off into the 'sulky corner'?

  32. Camilla Smythe

    Fnar Fnar

    "The Register uses cookies. Some may have been set already. Read about managing our cookies.

    Please click the button to accept our cookies. If you continue to use the site, we'll assume you're happy to accept the cookies anyway."

    Cookies Blocked...

    Browser remembers my pissword so even though I am not 'logged in', as per your now missing cookie, I still get to post again.

    Fnar Fnar

    1. Anonymous Coward
      Anonymous Coward

      Re: Fnar Fnar

      We'll accept a post with a valid email/password, but without cookies you need to supply it each time.

      If your browser chooses to remember and pre-populate those fields (a) we can't control that and (b) we don't see this as a problem.

      1. Anonymous Coward
        Anonymous Coward

        Re: Fnar Fnar

        Only one problem, that's one of the bits that does not work.

This topic is closed for new posts.

Other stories you might like