I would never believe this would actually come in to effect, as I always thought it was some stupid idea that someone with too much power and little knowledge of the Internet came up with. Most UK government websites have yet to comply. But after seeing how the BBC's own website is complying, I'm not so certain.

I thnk it's not something individual websites should have to do, it's one of the many warnings that come with using the internet.

While cookies are most useful for log-in members sites and shopping carts, a user can be assumed to be agreeing to site policy because these devices won't function without them. But what the use of cookies for simple tasks like checking and preventing direct off site linking, like the type that spam software uses on our web forms.

I'm glad that our sites aren't of the UK type.

I don't think anyone in the UK cares about this law. People haven't heard of it, and many of those who have are waiting to see how everyone else responds.

EU and UK cookie law

They should put their energy in finding solutions for the European crisis (which is hard to solve because of, amongst others, some stupid European laws and regulations) instead of coming up with new laws that again harm a part of the economy.

When compliance becomes a time wasting headache for "the protected", by forcing casual browsers or site visitors to endlessly consent to cookies - even when they revisit the same site (because cookies are often auto-deleted and/or new IP addresses assigned) - the backlash will begin.

chrisv1963 - in the internet context, they would be far more use enforcing the law against email spammers who send out junk to people who have never opted in to their garbage and causing some people to waste hours a week processing and deleting it. The law is there, the enforcement is not. My mail server blocks innumerable emails to addresses scraped from places like US domain registries, virus-infected computers and such.

It would also be nice if they took some action against all the evil bots, scrapers and virus-injectors that abound. I could give them a list!

One thing they should not be doing is trying to block the use of cookies, in which they can never succeed world-wide. Let the browsers handle that trivia. Go instead after (eg) google privacy invasion, which is a serious and escalating problem.

How will Google adapt? Adwords and Adsense publishers want to know.

How should I react? My sites(files, servers) and I aren't based in the UK but do welcome U.K. visitors.

That's the way the cookie crumbles.
Sorry -- I had to say it before someone else did.

But seriously -- I don't know how the actual law is written - I wonder if they covered .SOL (Flash stored local object) files which are not technically "cookies" files, but work in much the same way and can be far more intrusive.

I have had a prominent site with a cookie consent form now for over 2 months. The site is not able to be accessed by anyone , no matter from which country, unless they consent or decline to accept my site's cookies.If they decline, I produce a cookie free version of the site.
I was always anxious that the obvious percentage of people clicking back would affect my serps.My rankings have dropped a little so it maybe the case.
(I unistalled my google analytics for the site because google's privacy policy was incongrous with this website so cannot tell the amount my click back rate increased)

What I can be categorical about is that revenue has not dropped at all and has increased.
This comes as a complete surprise to me.
Perhaps shoppers are more sophisticated than first thought and welcome the upfront honesty

How unfeasibly ludicrous. They take no notice of genuine threats, but just mess about on the edge instead. This is like the police hassling people for picking primroses whilst ignoring people (wearing masks and stripy tops, carrying bags marked 'swag' over their shoulders) breaking into houses. I don't happen to serve cookies, unless a user wants a shortlist, in which case it's the best solution. Why should I waste my time explaining the technicalities (free of charge, yet again... but the knowhow isn't acquired without tedious application)? They aren't in the slightest interested... their eyes start to glaze over the second anything slightly technical comes into play, even if it's something which could help them make cash. How can we expect any meaningful comprehension of this? In short, we can't.

Now if you all wanted to have 'a spot of fun', when people reject the cookie they should automatically be redirected to the government site directly to the page about the EU cookies.

Talk about quickly bringing a server down ;)

I wouldn't look forward to having to click "Okeedokee" over and over again. I went through that once, a long time ago, with a now-forgotten piece of virus protection software I installed. As for "informed"? I suspect that'll be informed to the same degree users are informed when they click "I agree" to those omnipresent long-winded seldom-read TOS. Eventually, a mind-numbing "[domain] is about to install a cookie...Do you agree?" [Yes, would you puhleese quit bugging me?]

"...when people reject the cookie they should automatically be redirected to..."

I wouldn't look forward to having to click "Okeedokee" over and over again.

The original intent of cookies was to enhance the user experience of a website, e.g.- remember they were there before and what settings they chose, or allow the user to do or download something once, twice, but maybe not three times [for free], etc.

The cookie was the answer to preserving "state" in the stateless environment of HTTP client/server interaction.


The problem, and what I'll call "the pendulum" here has swung wildly in a direction where the user's experiences often are not enhanced at all -- but the site's, and more often the marketer's tracking of the user is greatly enhanced -- at a cost to the user in terms of privacy.

The overwhelming number of cookies laid onto a user's computers soley for the cookie maker's benefit has rendered the idea of having a single setting which allows all websites to deploy all cookies onto the user -- presented as a better option than the user having to "waste their time" by accepting [or rejecting] the cookies one at a time.

This wearing down of the user's patience has spurred such anomalies as Facebook -- a site which collects every action the user takes, every word they type, every photo they upload and offers to share (what isn't theirs) with every other user -- as the cookies pile up and help Facebook profile the user not only on Facebook, but on other sites -- none of which could be done without cookies.

The wearing down of the user in terms of accepting cookies has made Google billions of dollars as they systematically make large corporations billions more dollars and wipe out the livelihood and profits of smaller business people -- again, something that would not be possible without the user accepting cookies.

"The pendulum" has swung so far in the opposite direction of "enhancing the experience of the user" towards "taking advantage of the user", that a mechanism needed to be put in place as a countermeasure.

I for one hope "Informed consent" means that a site will need to explain exactly what each and every cookie is used for, and that it's required to be in very specific language.

No more "This site uses cookies to enhance your experience of our site. You may not be able to use all features if you do not accept this cookie. Accept cookie? [_]Yes, [_] No" type messages.

Imagine a pop-up informing the user, "Our system is about to place a cookie on your computer. This cookie will not enhance your use of this site, but will give us valuable marketing data about you. Our intent is to aggregate this data and share it with our 'partners' so we can create a comprehensive profile of you and couple our tracking cookie data with information you enter into forms, files you download, contacts you make, and then cross reference that with any personally identifying information we discover on this and any other site in our network of partners. We will store that information for the rest of your life, and will sell it over and over again to anyone willing to pay a fee. Accept this cookie? [_]Yes [_] No."

Until the pendulum swings a lot further towards the user's benefit -- or at least settles at the halfway point, I hope cookies and any other technology used for covert tracking and nefarious data collection are exposed to the light of day.

We've had this 'law' in place for a year or more now, they gave us a 'grace-period' in which to comply, It's ridiculous, it doesn't touch any of the real problems concerning privacy and is at best a pain in the rear, at worst, another example of laws created to affect the little people.

Thanks to Criteo, DoubleClick, AdRoll and the plethora of companies that set cookies in order to lurk just behind (or ahead) of the internet user, serving them targeted advertising based on their browsing behaviour, we now have this ridiculous situation in the UK.

Yet, because, in the main, they're not EU based, then their cookies can stalk a user with no consent.

Twitter have just implemented this stalking feature as well, no consent required, just an email informing the users that they will now be stalked.

Sometimes, I just shake my head.

I haven't read the law but what happens if an EU site installs some tracking software from the US?

Does the US tracker need to comply with the EU law?

Would seem to be a simple way to bypass the issue.

@incrediBILL: The EU sites also have to inform users about 3rd party cookies and aren't even allowed to use non-EU third-party extensions if they don't comply with EU law.

Google analytics privacy compliance is a hot topic in this area for example.

Here's where the official info on "the cookie law" appears to reside.

New EU cookie law (e-Privacy Directive)

The law which applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device changed on 26 May 2011.

[ico.gov.uk...]

Note the "We want to give you a cookie" notice at the top of the page:

The ICO would like to place cookies on your computer to help us make this website better.

Yeah, that tell me a lot.

There's a lot of info there, so much that I have no clue what the specifics of the law are.

Someone needs to pass a law that all "laws" must be 200 words or less and easily understood by a 14 year old.

Its not that difficult is it?
[ja.net...]

Some good information here

[ico.gov.uk...]

Especially in the video. I almost feel sorry for the ICO - reading between the lines, I think they understand the issues, and know this law is crazy - but it's become their remit to enforce compliance with a law created by people who don't understand the issues.

They make it pretty clear (03:15 in the video) that there's almost no danger of publishers being fined provided they don't do anything silly (like publicly saying they've no intention of complying with the law).

ICO have also made it a pain for people to report a site - they have to fill in a BIG questionnaire - so hopefully that will put people off making complaints.

One bit that I did find funny in the video was at 06:25 where he tries to convince us that it's a good thing that the UK has implemented this directive, when the rest of Europe hasn't bothered - so our competitors outside the UK don't need to waste their time on this - and can spend the time growing their businesses instead. Only someone in the public sector could see unnecessary red-tape as a "good thing".

I for one hope "Informed consent" means that a site will need to explain exactly what each and every cookie is used for, and that it's required to be in very specific language.

What about embedding services from offshore providers (a hosted forum in an iframe for example)?

Its not that difficult is it?

No. Took about 45mins to write and integrate on to our UK site. But we have over 150 websites so if we continue the roll out it will take up days. What's annoying me more is ...

no-one else seems to be doing it!

None of the sites I've visited since the 26th, including large retailers, have the notice up. If there is a mass protest going where we all refuse to do it to prove it cannot be enforced then count me in. But I haven't heard anything. Surely large retailers have heard about this coming?

As I wrote in a parallel thread..
France is characteristically ignoring the EU directive ..all Government websites ( dot gouvs here ) and all others large and small are setting cookies as usual ..both direct and 3rd party like G analytics etc ) and not warning anyone , nor asking..nor in many cases even mentioning cookies anywhere on the sites..

Then again ..I didn't expect that they would..;-)

If these politicians in Brussels were so smart then why did they give the administration of what should have been the EU's ccTLD to a third rate, mickey mouse ccTLD registry that managed to banjax the damned thing? Do these EUnuchs really think that we care about what they "think" about technology and the internet?

The message from the internet, so far, to these EUnuchs is simply this: Screw EU! (That's the clean version. ;) )

Regards...jmcc

Looks like it's much ado about nothing:


Not sure if I can place a link here, I will, if it gets removed, go to the UK guardian website and search there for ico cookie.

[guardian.co.uk...]

But after seeing how the BBC's own website is complying, I'm not so certain

Hoooolmes! ...bbc.co.uk is saving cookies on my machine without asking...

On a separate note, the one thing I'll be looking forward, the ways people are going to ask for permission. I'm sure there will be some worthy of passing around.

as usual, the most "anti-european" country, UK, are the only fools implementing yet more Brussels drivel. All those countries who are SO enthusiastic about the European dream, the message, the roadmap to EuroHippiedom, nah, not so keen, eh?

@incrediBILL: The EU sites also have to inform users about 3rd party cookies and aren't even allowed to use non-EU third-party extensions if they don't comply with EU law.

how come amazon.co.uk are getting away with this?

they have installed 16 tracking cookies on my machine without consent!

I'm going to complain about them now



BTW: anyone who wants to know why this law is in place should google "collusion firefox addon"

None of the sites I've visited since the 26th, including large retailers, have the notice up.

Why would they? Im sure there are many areas of non compliance with various acts relating to IT...data protection act, misue of computers act, etc etc why would they priortise this one?

Baby, bathwater...
Sledgehammer, nut

As usual, an idea with some basis in common sense gets turned into an unworkable law by people with too much time on their hands.

As colleagues here have said, you would think the prime focus would be in encouraging business to thrive in light of the EU-wide recession, rather than placing more EU-wide issues for businesses to comply with.

The 'implied consent' UK amendment seems to bring a small amount of sense to things.