EU Cookie Law Prompts Fear Among Website Owners

I was reading a blog post recently that outlined the cost to website owners of the EU cookie law which comes into force on May the 26th, as well as assessing the cost as well into the billions the article contained some interesting comments in the comment thread. One that really fascinated me was from a guy that was basically saying that it was about time permission was asked for and not just taken.

For those not familiar, the EU have for some time been trying to introduce laws prohibiting the use of Cookies on websites without the express consent of the user. A cookie is a small file that is stored on your computer which is usually used to identify you to that website should you return. Cookies are used most commonly in Google’s “analytics” service, which many website owners use to gather anonymous information about people who visit their website, what pages they looked at, how long they stayed etc. Essentially what we will be looking at is a situation where the cookie policy of the overwhelming majority of websites in the UK breaks EU law.

Many people have pontificated about how proposterous this situation is and what a mess it leaves webmasters in, but is this such a new situation. In Disability Discrimination Act (DDA) came into force and in a similar way website owners were told that their sites had to be DDA compliant. DDA compliance in theory meant no images (as users with a visual impairment may not be able to read any contained text); similarly many website owners were breaking the law overnight, and similarly there was a relative sense of hysteria in the lead up to the date the law came into force. Only nothing happened.

The law was unworkable and so, in the face of so many people (many¬†inadvertently) breaking it, there was no room to actually enforce the law. There lies the problem, the regulatory bodies responsible for policing much of our technology are completely out of touch with how it works, its true purpose and what it can and can’t do (take online piracy and torrenting as an example). The situation with Cookies is similar, the EU’s position seems to reek of paranoia and a lack of understanding of the logic and technology at play. Which brings me back to the comment about consent being taken rather than asked for.

Retail giant Tesco, upon launching their clubcard service, started a database called crucible which contains the shopping behaviour of everyone using clubcard (the service is in compliance with privacy laws). Our behaviour is monitored from the moment we enter almost every business premises on every high street, supermarkets spend untold sums on working out which products to place at eye level, where to put the sweets, the sandwiches, the frozen goods. Its not such a big deal, we kind of accept that when we set foot in somebody’s place of business we afford them a certain degree of consent to let them observe us, but in a fair way. If the EU were to apply the rules in the same way, I would argue that shop owners would need to pay people to stop you on your way into the store to ask your permission to observe you. Which doesn’t make a lot of sense does it?

Leave a Reply

Your email address will not be published.