Not Giving Cookies Up For Lent

(link: text:
(image:×300.jpg alt: What are you giving up for lent?)
) What are you giving up for lent?

As some of you may have heard, or more than likely not…. there has been a bit of European legislation floating around that is due to come in to force in May this year, providing new rules on the use of technologies such as cookies which store information on a website user’s computer.

For the uninitiated, cookies are a small harmless text file which a website asks your computer to store. This cookie will be sent back to the website when you want to view a new page. There are multiple reasons why a site would need to do this, to help store the contents of a shopping basket, to remember whether you are logged in to a site, to remember what you have searched for on the site and provide relevant information. Other uses include tracking which pages on a site get the most traffic so we can look to improve content and the user experience.

The law as it stands

Since 2002 it has been law to provide information to users about how a website will use cookies, the information that will be stored and how we use that information. If you have a look on our (link: /privacy-policy text: privacy policy) page, you will see there is a whole section about cookies.

From May, this directive will in part be superseded by  a new directive which at a very simple level requires companies to ask users outright for their permission to store a cookie. If you interpreted this literally, users could be bombarded with hundreds of popups a day asking whether they accept a site storing a cookie on their machine. This would clearly harm web publishers, web users, who would be inconvenienced or would have to accept sites with limited functionality, and the online advertising industry which is worth billions in the EU.

So no more cookies then?

The situation could quite clearly become farcical but there may be a reprise. At the moment it is unclear what constitutes consent to store a cookie. It could be as unworkable as a popup from every site on the internet, or we could take the fact that a browser is set to accept cookies as consent. Modern web browsers allow users to set up rules about whether a site can store cookies, run javascript code, display images and a multitude of other settings which you can tailor to a level that suits your views on privacy and security on the internet.

Unfortunately, the UK seems set to adopt the directive in to UK law, word for word, with no addendum or clarification on what constitutes consent. We can take inferences on the government’s view though since the Department of Culture, Media and Sport have been working with browser developers on a browser based solution to the consent issue.

For now it appears that as long as users are correctly informed of what cookies are being used for and that this information is easily found on your website (through a link on every page for instance) that companies will not be breaking the law when it comes in to effect. (It could mean a fundamental change in how we build websites though!)

We have been following this for a while now and will obviously be following it even more keenly as the end of May looms ever closer.