Most serious UK websites, including this one, contain visitor analytics code that will be illegal in just over a month's time. That's my conclusion after studying the Information Commissioner's Office (ICO) guidance on the new cookie compliance rules planned for 26th May 2012.
My opinion? Crazy. Ludicrous. Pointless.
The ICO guidance says that websites must get "specific and informed...consent" from users, in order to legally use Web cookies. The more the ICO talks about this and 'clarifies' the law, the more it seems that the implications are monumentally onerous.
The law is being brought in to comply with European directive 2009/136/EC. It supposedly aims to protect naïve users from being tracked around the Web.
It's unclear why European lawmakers saw this as a huge problem requiring countless webmasters to invest time and money with no return. I suspect that there was just a vague unease about big companies such as Google and Facebook knowing too much about our surfing habits. I don't see a groundswell of citizen concern that would make this a worthwhile priority.
There are some exception to the cookie consent requirement, but they're pretty limited:
- For load-balancing
- Remembering shopping baskets
- Keeping user data safe (e.g., to verify online-banking identities)
The ICO would have website owners pop up a box to new users asking them to give consent to using cookies. Anyone who knows much about user behaviour will know that this idea is a total non-starter. Indeed, the ICO proved this to itself, after trialling the idea on its own site, as Aunty Beeb points out:
Since asking users to click a box if they agree to accept cookies from its site, the organisation says just 10% of visitors have complied.
Ten percent. That's hilarious (or it would be, if it wasn't so stupid).
Meanwhile, in a December 2011 press release, the ICO said it plans to:
...focus its regulatory efforts on the most intrusive cookies or where there is a clear privacy impact on individuals.
Richi Jennings, editor of Input Output UK, is also an independent analyst, specializing in blogging, email, spam, security, and other technology topics. His writing has won ASBPE and Neal awards. You can encircle him at +richi, follow him as @richi on Twitter, pretend to be his friend at Facebook.com/richij or just use boring old email: email@example.com.