dstiles - 11:18 pm on Mar 5, 2012 (gmt 0)

Some web sites push out temporary session cookies without the site owner being able to do anything about it (eg IIS web sites).

The law-makers, as usual, have screwed up by assuming that all cookies are bad and can be stopped by the site owner. My guess is that 95% of web site owners won't even know about this law and, if they find out, how they can stop the cookies. And, of course, what about non-UK web sites, which form the vast majority of UK-viewed sites (eg ALL of the major search engines and a lot of informational and "social" sites).

What is far more sensible is to let browsers block cookies by default, which is what Firefox+NoScript does and I believe other browsers may also do with a bit of messing about.

The down-side of that, of course, is that having blocked a cookie, that cookie remains blocked until the user goes through a lot of hoops to unblock it - and on some sites the number and name of such cookies is not easily determined. This results in ecommerce sites failing to work: no cookie, how can they keep track of what you've bought? And having tracked that, you then have to find the actual payment service's cookie and unblock that. At the moment, I can buy through one of my computers but no matter what cookies I allow I can't buy through another one.

For most web site owners, if they get a heavy fine for something they do not understand they will dump the site. Most web sites are not actually essential. Indeed, my half-dozen or so personal sites are not essential, although they do help people a lot. And most of those people are not in the UK. Go figure.