{{ searchResult.published_at | date:'d MMMM yyyy' }}

Loading ...
Loading ...

Enter a search term such as “mobile analytics” or browse our content using the filters above.

No_results

That’s not only a poor Scrabble score but we also couldn’t find any results matching “”.
Check your spelling or try broadening your search.

Logo_distressed

Sorry about this, there is a problem with our search at the moment.
Please try again later.

If the Information Commissioner's Office has its way, cookies will soon be a lot less tasty to website operators.

That's because on May 26, the rules governing the use of cookies on websites in Regulation 6 of the UK's Privacy and Electronic Communications Regulations 2003 will be updated in to require that a user "has given his or her consent" to the placement of a cookie in accordance with a new European Directive.

Is this the end of cookies as we know them? Fortunately, it isn't. Because this requirement would utterly upend the workings of many modern websites, naturally there's an exception. In an advice document, the ICO explains:

The only exception to this rule is if what you are doing is ‘strictly necessary’ for a service requested by the user. This exception is a narrow one but might apply, for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.

Since "strictly necessary" could be construed in many ways, the ICO notes that this phrase should be interpreted narrowly.

As an example, "The exception would not apply...just because you have decided that your website is more attractive if you remember users’ preferences or if you decide to use a cookie to collect statistical information about the use of your website".

Of course, "strictly necessary" is not cut and dry, even in this example. If a registered user of your website decides to save his or her preferences by clicking a button labeled as 'Save', wouldn't storing those preferences make it necessary to store them in some fashion? In this case, saving data via a cookie could reasonably be considered "strictly necessary" based on the user's behavior.

You're probably asking by now: forget about my cookies, what about third party cookies? The ICO and its EU overlords are still looking for "the right answers" around these, so the ICO "would advise anyone whose website allows or uses third party cookies to make sure that they are doing everything they can to get the right information to users and that they are allowing users to make informed choices about what is stored on their device." In other words, anything goes!

Which just about sums up the ICO's epic conclusion:

...we do not intend to issue prescriptive lists on how to comply. You are best placed to work out how to get information to your users, what they will understand and how they would like to show that they consent to what you intend to do.

At the end of the day, even though the ICO says "you cannot ignore these rules," it's obvious the ICO isn't going to be able to follow up on every report of a rogue cookie. Much of the time, consumers can't even reliably discern what a particular cookie does, and the cookies that have the greatest privacy implications are the third party cookies nobody knows how to handle.

As a result, the new rule appears quite toothless. This, of course, is a good thing given how misguided the European Directive is in the first place.

Patricio Robles

Published 11 May, 2011 by Patricio Robles

Patricio Robles is a tech reporter at Econsultancy. Follow him on Twitter.

2392 more posts from this author

Comments (6)

Comment
No-profile-pic
Save or Cancel
Avatar-blank-50x50

Rob Jackson

The ICO's own website has a 'Privacy Notice' link in it's footer which points to a description of what data GA collects. I'm personally going to follow what they do as what they say is so ambiguous it's useless.

Considering the UK digital marketing industry turned over more than £4 billion in 2010 I see this as a severe government failure to protect one if it's key growth sectors.

over 5 years ago

Avatar-blank-50x50

Jon Line

I will be personally checking the government's websites to make sure they obey the guidelines they have allowed to be imposed on everyone else.

over 5 years ago

Ashley Friedlein

Ashley Friedlein, Founder, Econsultancy & President, Centaur Marketing at Econsultancy, Centaur MarketingStaff

There's an excellent comment on this topic from Depesh at Tesco over in our forum - see http://econsultancy.com/uk/forums/best-practice/eu-cookie-ruling?page=1#forum_post_14291

Definitely worth a read.

I particularly enjoyed his point 7:

"The funniest thing? Well if you visit a website and reject cookies, then each AND EVERY time you visit that website you will be prompted on whether to accept the cookie; how else would the browser or website know that you'd already said no?!!! This on its own is likely to lead most customers to (eventually) opt in for the sake of their sanity."

over 5 years ago

Avatar-blank-50x50

Depesh Mandalia, Head of Digital Marketing at Lost My Name

thanks Ashley :-)

The very fact we're still debating the uncertainty won't be lost on the 'enforcers' I'm sure; my key concerns are how consumers will react and the impact on the company castigated and made an example of if this really lands...

over 5 years ago

Avatar-blank-50x50

Oscar Riera

@Ashley Friedlein: we'll this comment is not correct.

If you ask the website not to track you with cookies for statistics (per example), then the website is allowed to put a cookie to store that (and only that), as it is strictly necessary for the service.

That said (and this is my personal opinion), these cookies laws are completely insane and done by people who actually have no idea of what they're doing.

over 5 years ago

Ashley Friedlein

Ashley Friedlein, Founder, Econsultancy & President, Centaur Marketing at Econsultancy, Centaur MarketingStaff

@Oscar - yes, I guess you have a point there. However, I reckon users would be pretty confused about this whole area and would have no idea about what is 'strictly necessary' or not.

over 5 years ago

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Daily Pulse newsletter. Each weekday, you ll receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.