{{ searchResult.published_at | date:'d MMMM yyyy' }}

Loading ...
Loading ...

Enter a search term such as “mobile analytics” or browse our content using the filters above.

No_results

That’s not only a poor Scrabble score but we also couldn’t find any results matching “”.
Check your spelling or try broadening your search.

Logo_distressed

Sorry about this, there is a problem with our search at the moment.
Please try again later.

With the EU e-Privacy Directive's compliance 'deadline' just a month away, many businesses are wondering not only what they should do about it, but also how the law will be enforced by the ICO. 

While working on our EU cookie law guide, I spoke to Dave Evans, Group Manager for Business & Industry at the Information Commissioner's Office (ICO). 

I asked how actively the law would be enforced, the likely penalties for non-compliance, and whether implied consent solutions would be acceptable. 

What was the thinking behind the EU e-Privacy Directive?

It’s important to remember that the cookies rule is just part of a law aimed at safeguarding privacy online and protected web users from unwanted marketing. There have been growing concerns over the past few years, and the directive sought to address those. 

Organisations providing content are obtaining information about users and people have started to become more aware of the sophisticated techniques being used for internet marketing. The 2003 directive wasn’t doing enough to deal with this. 

Organisations that collect information need to obtain people’s agreement, and you have to tell them what you want to do with it.

So the aim is to protect user privacy, and ensure that they are giving informed consent for using their information.

Once this directive had been passed, we wrote to the UK government and pointed out that, the way it was worded, consent for cookies is not so straightforward.

Legislators left it broad, and there was no steering on cookie issues. Exemptions for strictly necessary cookies were not drawn widely enough.

Have you attempted to find a balance between business needs and the law? 

This was one of the first things we thought about. We’re here to educate and to promote good practice. If all we did was to slap fines on people, we wouldn’t be doing our job properly.

We will enforce the law proportionately. We’ll look at the risks if and when customers complain to us. If a websites’ cookie and privacy is a risk to many people, we may then take action.

There is a balance to be struck though, as not all cookies are equal, and our enforcement approach will bear this in mind.

For example, someone may complain about a cookie placed without their consent, but if it was just used to remember essential details rather than to gather information to be used for marketing purposes, then it may not be appropriate to act.

The first question we will ask is: have you tried to sort this out yourself? If they don’t want a particular cookie, then they could use browser settings or security software to get rid of it.

It’s highly unlikely that organisations will get into trouble because of one cookie or just a few complaints, but we would seek to address any potential issues with the company concerned.

In these situations we would be more likely to provide advice to the organisation. It is unlikely (though not impossible) that we would take action just for analytics cookies.

Will 'implied consent' solutions be enough in some cases?

The law does allow us some leeway, and if a company’s revenue would drop if it went for a strict opt-in, then we could look at different ways of educating users and gaining consent.

Just because analytics cookies are caught by this law doesn’t mean a strict opt-in is necessary. It could, in some cases, be seen as an essential part of the relationship.  

Organisations can help themselves by informing people and providing decent information about cookies. For the last eight years or more, this has been hidden away in privacy policies which only a minority of internet users ever read.

Therefore, can you be confident that your users know about cookies? In the medium to long-term, if lots of websites are more transparent about cookies and privacy, then users will become more informed and it will be easier to assume knowledge. 

If we can operate on the basis that, since a website has made efforts to inform customers, and through this collective education process, people understand how and why online businesses are using their data, a website could claim with some justification that since we made it clear, and they are still using our website, opt-on consent may not be necessary. 

It will take time to get to the point where most web users are aware of this, but this clarity of information may fill that gap for some websites. It may eventually become an implicit part of the relationship that websites gather and use analytics data.

For example, they could say, well we have given this information, and we’re in the process of looking at consent models. 

We’re not there yet, and much will depend on the collective efforts of websites. Some will go down a stronger route than implied consent.

If a website says ‘we’d like you to use cookies, but click here if you don’t want us to, and click anywhere else to continue'. If customers have seen this message, then this may be enough in most cases.

However, if companies aren’t making this information visible, then they are taking a risk.

On the other hand, it we received a complaint, then go to the website, and it’s difficult for us to say that the user hasn’t seen this, then have to judge such a complaint on the balance of probabilities. 

If it looks like an organisation has put enough information there, and it is clearly visible, such that it wouldn’t be likely that users would miss it, then it’s unlikely we would take that further.

What about examples like BT's slider tool for opting out of cookies? Would this be enough to comply? 

It looks perfectly fine, though I’ll hold back on passing judgement as it has only just been rolled out. We know how much time and effort BT has put in though, and we also appreciate that this is beyond the capabilities and resources of some companies.

Will you actively enforce the regulations after May, or wait for complaints?

We have a team of investigators, but we won’t necessarily be trawling the internet looking for abuse of the directive. In time, we may choose to look at particular sectors to see how they are informing users, based on the information we have received.

Enforcement won’t be driven by individual complaints though, and how we deal with this may well depend on the response from business. For example, if someone says, 'we’re not doing anything about this', then we may pay them more attention.

All of our enforcement actions are likely to be in the form of negotiations. If people listen to our advice and are prepared to take steps towards compliance there shouldn’t be a problem,

However, if businesses deliberately stop short of total compliance, then there is a risk.

For us, the issue may be that, if an online business has taken some steps towards compliance, and they don’t 'bother us', then that’s OK. However, if we receive a number of complaints it may be a different story.

How likely it is that complaints will flood in, we don’t know. It may be that the great British public simply isn’t that concerned about cookies.

If users are happy and we receive no complaints about a website then we have other things to be doing anyway.

If we had an enforcement team dedicated to looking out for abuse of cookie laws, then people would rightly ask questions about the ICO’s priorities.

Will you come up with a definitive answer on what compliance is? 

We don’t know what compliance will look like in a year’s time.

There are lots of gaps here, and we want people to fill them with good practice. We can then point to examples of this and everyone will have a greater understanding of what is required. 

We hope that this will pick up over the next month or so.

Will you make allowances for the cost in time and resources required to make the changes to websites in order to comply? 

We know that not every website can just switch its website off on May 25 and implement changes. We will bear redesign schedules in mind.

There’s no point in rushing through a solution if a revamp is coming soon anyway. 

Graham Charlton

Published 24 April, 2012 by Graham Charlton

Graham Charlton is the former Editor-in-Chief at Econsultancy. Follow him on Twitter or connect via Linkedin or Google+

2565 more posts from this author

Comments (44)

Comment
No-profile-pic
Save or Cancel
Avatar-blank-50x50

Rob Hodges

Well that's cleared that up then....

over 4 years ago

Avatar-blank-50x50

Andy

What a mess.
As if it wasn't completely unclear already, now it doesn't even sound like the ICO know what they're going to do in a months time.

This is going to be fun explaining it all to our clients - "yes your site's technically breaking EU Law, but it's prob OK because they're not yet entirely sure what constitutes acceptable compliance".

This isn't even going to address the concerns people have - Google will still know everything about us, Facebook will still mess with our privacy and Amazon will still require us to accept whatever so they can target marketing data.

What it will do is reduce confidence in the websites of EU companies and make them less globally competitive.

Thanks.

over 4 years ago

Avatar-blank-50x50

Russ

I've heard some relaxed statements from Regulators in my time, but that one is truly horizontal.

over 4 years ago

Avatar-blank-50x50

Mark Thomas

What an absolute joke. Rest assured the UK will be the only country that enforces this and how long before somebody gets dragged off to prison in Portugal or Poland under a European arrest warrant because his site had cookies that he didn't even know about and simply failed to post the correct notices.

This is ridiculous EU meddling at its worst and perfectly illustrates why the whole European project is a disaster.

over 4 years ago

Avatar-blank-50x50

Mr 0a

Translation - this law is stupid and non specific and we're embarrassed by it, and in any case 99% of websites will ignore it.

over 4 years ago

Avatar-blank-50x50

Grahame Palmer

Brussels (Strasbourg) says "JUMP", and the UK says "How High".

The rest of Europe shows them two fingers...

Like everything the EU directs regarding "policy", this is a mess. And we in the UK are too stupid to tell them to B.O.

over 4 years ago

Avatar-blank-50x50

Yannis Anastasakis

Not sure which made my day more... The admission that they only wanted to do good, but clearly didn't (and still don't) know how, or the superb comments above here... Fantastic.

over 4 years ago

Avatar-blank-50x50

Adam, Webmaster

I see http://www.number10.gov.uk/ has Google Analytics cookies, but no opt-in.

The 'Privacy & Cookie Policy' link at the bottom of the page does spell out what cookies are set and what they are for.

Once the deadline passes, we should all report this and all government sites which aren't strictly compliant. Once they see the damage to usability that strict compliance brings, then hopefully they'll become even more disinterested in enforcing these rules on everyone else.

over 4 years ago

Jonathan Kay

Jonathan Kay, Managing Director at 120 Feet

I actually found this to be rather useful, though do agree that the law is an ass.

So, if a client can get some way towards BTs [valiant] effort the chances are they will not have a complaint upheld and there's no need, at least for perhaps >1 year, to even consider opt-in.

over 4 years ago

Peter Leatherland

Peter Leatherland, Online Sales Manager at Ethical Superstore

“If all we did was to slap fines on people, we wouldn’t be doing our job properly.” I would have said introducing completely unworkable and vague legislation which is theoretically impossible to comply to (to opt out of tracking a cookie would need to be created to personally identify you!). Where there arwe difficult questions the answers come back with words like ‘could’ , ‘may’, ‘likely’ and ‘won’t necessarily’

This actually makes privacy worse because people will get sick of opt in messages on every page (they will need to be until the person has opted in because no cookie can be set until then) and guess what, they will just opt in to everything without bothering to read the policy.

I wonder if all other directives and laws covering other areas that I don’t have knowledge about are this badly thought out, makes you wonder…

over 4 years ago

Avatar-blank-50x50

Cocoonfxmedia

I think the UK will be the only company to enforce this. I have checked some of the largest German companies and non of them have an option to block cookies. The UK is the only country to delay enforcement.

over 4 years ago

Avatar-blank-50x50

Meriel Lenfestey

As a frustrated advisor on the subject of EU Privacy compliance, I'm very glad to see the ICO accepting the flexibility required and walking the impossible line between the EU and UK business. The last guidance (Dec) did nothing but create confusion because it teased us with implied and delayed consent solutions, but denied they would be acceptable for gaining consent. At least we now have a more consistent message around when they may be appropriate. It comes down to understanding the spirit of the law and applying common sense.
I've coincidentally written a blog post today ( http://www.foolproof.co.uk/cookies-update/ ) which suggests how companies decide on theright solution for them - assuming the same flexibility which Dave Evans is describing here.

over 4 years ago

Avatar-blank-50x50

NeilM

This has been discussed and chewed over for some weeks, especially recently. http://www.webmasterworld.com/uk_ireland_search_engines/4425150.htm

David took part in a video interview, which links from that thread.

On certain aspects, it's as clear as mud.

over 4 years ago

Avatar-blank-50x50

Depesh Mandalia, Head of Digital Marketing at Lost My Name

Maybe I've missed something but I think this is a good write-up.

It confirms a few key things:

1. The ICO are not going to come down hard on those that are trying to make this work
2. The ICO are not actively going to enforce this, its driven by user feedback (majority of cases outside of specific sectors)
3. Do best by your user/customer. If your user is happy, the ICO it seems, is happy (for now).
4. You don't have to be BT to make this work. Be clear and informative.

Finally I'll add that we all agree the directive should not have happened in its current form, lets draw a line under that.

Instead, work on your best interpretation (I'd start with what the BBC have done http://www.bbc.co.uk/privacy/bbc-cookies-policy.shtml) and make the effort and lets review the fallout in a few months - you have very little choice.

over 4 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

@ Depesh That's a good summary. When publishing this, i thought it would help ease some of the worries about the law and its enforcement.

We'll have to see what happens after May, but it seems that implementing a strict consent mechanism would be unwise, for the moment at least.

over 4 years ago

Avatar-blank-50x50

Martin Sloan

I agree that these latest comments from the ICO, whilst pragmatic and potentially helpful, are confusing given the its previous guidance.

I do wish that the ICO would issue updated guidance on this, rather than drip feed the "we're unlikely to take action" approach in interviews and conference presentations.

The are a couple of responses to these questions that I find particularly perplexing.

First of all, we know the driver behind the new regulations is to increase transparency and knowledge for users on the use of cookies. Yet the answers above suggest that the ICO's action will be driven by consumer complaints. But if people don't know how their data is being used or privacy statements are very vague and wide, how can they know to make the complaint in the first place? It seems to reward continued opaqueness.

Secondly, the ICO suggests that users should first try to "sort it yourself" and use browser controls or security software to deal with offending cookies. Yet the ICO's own guidance expressly states that browser controls are not an appropriate way of obtaining consent because they do not offer the necessary level of control and information. Has the ICO's position on this now changed? This appears to put the onus on the user to opt out - the complete opposite of what the new regulations were commonly understood to require.

As I say, if this is the approach that the ICO is going to adopt then this needs to be reflected by the ICO issuing updated guidance, so that website operators can be clear on what is expected.

over 4 years ago

Paul Walsh

Paul Walsh, Founder & CEO at Infinity Call Tracking

When it comes to the new EU Cookie law confusion reigns, despite the fact that the ICO (the Information Commissioner’s Office – the agency who will be responsible for enforcing the law) issued guidance on the new law in December, and that the Government Digital Service (GDS) have said how they are intending to comply. In fact, a lot of the confusion seems to come from two government agencies saying two seemingly different things.

Our recommendation is to follow the route GDS and even Econsultancy are and it involves the following steps:

Make yourself familiar with the guidance. It’s free, online, and contains actual examples of the sorts of things the ICO would like to see you doing.
Undertake a privacy and cookie audit.
Make it clear when and where you use cookies in a document that’s prominently displayed on your website.
Update your Privacy Policy, and display it prominently.

Read more on our Blog post: http://www.infinity-tracking.com/blog/2012/04/the-way-the-eu-cookie-law-crumbles/

over 4 years ago

Avatar-blank-50x50

Marc Liron

Paul,

I agree with the "simple" advice you make in your comment.

My day job is currently helping businesses perform Website Cookie Audits – so I know how much of a mess things are out there in the real world right now!

Small business owners are confused by these updated regualtions and even find reading the official ICO Guide hard.... I ended up having to write my own more user friendly one.

over 4 years ago

Peter Leatherland

Peter Leatherland, Online Sales Manager at Ethical Superstore

@ Paul Walsh I agree, I think it is just too impractical to comply to the letter as the ICO site does. I certainly wouldn’t want to encourage websites to break the law but if it is not actually possible to comply due to poor legislation then I just can’t see sites being prosecuted, they would have a pretty solid defence in citing the vague comments given to clarify by ICO, if the law doesn’t clearly specify what each type of cookie is allowed to do and when it is ‘essential to the operation of the site’ and when it isn’t then I just can’t see how they can prosecute. I would imagine there will be plenty of gov sites that won’t comply, would they challenge them?? And also for visitors to opt out your site would need to drop a cookie on the visitors’ browser, in turn doing something the user has just explicitly asked you not to do.

With no sites ever being prosecuted for breaking the Disability Discrimination Act/web accessibility laws so I doubt this will be put into action unless a website is really going overboard to break the law, i.e. malware which is something different to cookies anyway.

Just do what Paul said, update your policy and explain in simple terms what the cookies on your site are doing, link to third party policies (Google, Facebook etc), audit your cookies and have a clear link to the page.

I think when people actually understand about cookies they are less bothered about them, if you tell people they are ‘being tracked’ by Google Analytics they don’t like it, until you explain in Analytics you can’t see individual users. The thing that does gripe people, including me is behavioural advertising because the results of this are directly visible when you browse the web, and rather creepy.

over 4 years ago

Paul Walsh

Paul Walsh, Founder & CEO at Infinity Call Tracking

Im not sure why BT is a good example to the ICO as you cant slide it down to not use tracking cookies.... have a look on their site. (Dont get me wrong I like BT's implementation.)

But this seems to me like another example saying that in practice ICO think its fine to say that analytics cookies are strictly necessary; well as long as you make it clear to your customers or spend time an effort thinking about it...

Well that's how I read it.

over 4 years ago

Avatar-blank-50x50

Martin Sloan

Whilst we may see little enforcement action re the new cookies law in the short term, I don't think the comparison with web accessibility/disability equality laws is a valid.

The Equality Act is civil legislation - not criminal - you can't be prosecuted for breaching it and the Equality and Human Rights Commission, the statutory body tasked with promoting compliance, doesn't have powers to police compliance in the way that the ICO does (for example, it has no right to issue fines for non-compliance).

Instead, the onus is on the individual suffering discrimination to bring a claim against the relevant service provider. As litigation is both time consuming and costly, few claimants are inclined to take a pursue a claim in court, instead reaching a settlement before it gets to that stage. In any event, any action would only be effective in addressing the disability suffered by that individual.

As different issues can cause problems for different disabilities, bodies like the RNIB tend to work with organisations to educate and help address specific accessibility issues, with litigation assistance the fallback (see the recent action taken against BMI Baby in relation to its webiste).

In contrast, the cookies law is a specific piece of law that has been driven through by the European Commission and is intended (for better or for worse) to protect the privacy of all internet users. The ICO is, as with privacy regulators in other member states, tasked with enforcing compliance in its capacity as regulator and can issue fines for up to £500,000. The Commision would not have brought forward a new directive if it did not expect it to be complied with.

For that reason, I think it would be misguided for organisations to look to at the lack of court action in relation to website accessibility as a reason not to comply with the new cookies law.

over 4 years ago

Avatar-blank-50x50

CM

Here are a few questions that I still cant find answers to.
Does it only apply to businesses or also those little hobby sites running cms/bloggers? with or without adverts. Think about the ICO site, they don't sell anything or have 3p adverts but they still have it.

If I live in the EU but my server is in the states, if i block the EU, do i still need to comply.

over 4 years ago

Peter Leatherland

Peter Leatherland, Online Sales Manager at Ethical Superstore

@Martin Sloan – OK you may be right about the difference in the Equality act being civil legislation not criminal but it is a valid comparison and I think most webmasters will see it as similar (they aren’t legal experts and so probably won’t see it as different).

Although the ICO has powers to fine for £500k the complaint has to come from the users to quote Dave Evans “If users are happy and we receive no complaints about a website then we have other things to be doing anyway.” Although they may have the powers to do this without users complaining I doubt they could now after this has been publicly stated, also if you are being fined £500k you would get some good lawyers on your side who could probably pick the legislation to shreds (the fact it contradicts itself and gives no specifics on many of the items they would be bringing action on), and use some of the vague comments like this to back their case.

You said “The Commission would not have brought forward a new directive if it did not expect it to be complied with” – well just read what Dave Evans is saying above, they aren’t going to be bringing action, if they did they would have to go after every site with a Facebook like button or Google Analytics which at a rough estimation would take around 671 million years to go through legal proceedings with all these sites.

I’m not saying ignore it and take no action, just that the ICO has an impossible task to regulate such a bad directive.

over 4 years ago

Avatar-blank-50x50

Martin Sloan

@PeterLeatherland - the point is that once someone complains to the ICO it will need to investigate, and it has substantial powers. In contrast, there is no independent regulator under the Equality Act to pick up the baton.

I agree the ICO has an difficult task (particularly when privacy regulators in different member states are taking different approaches to what is required). As the interview above suggests, I expect the ICO will initially concentrate its efforts on the most intrusive cookies and websites that haven't even carried an audit of their cookie usage.

My comment that the Commission would not bring forward a new directive if did not expect it to be complied with has perhaps been misinterpreted. I was referring the the European Commission, not the ICO. Dave Evans speaks for the ICO not the European Commmission. The reason the new law came in is that the European Commission decided that the requirements of the old 2003 directive did not adequately protect users' privacy, so if there is no improvement under the new laws then it stands to reason that it will take further steps.

Whether those steps are a (further) amended directive, infraction proceedings against member states for not enforcing the new directive properly, or simply better/clearer EU wide guidance remains to be seen. By that time there will hopefully be an appropriate browser based solution, which will avoid many of the more problematic issues being encountered at the moment.

over 4 years ago

Avatar-blank-50x50

Russ

@CM - the law applies equally to all sites, whether businesses or hobby, regardless of whether ads are being run. Amateur bloggers on hosted sites running ads will be hard hit, as they are some of the people least likely to be able to control the delivery of 3rd party cookies.

On your hosting question, the Directive does not have any formal jurisdiction over non-EU servers, but my guess is if a 'webmaster/administrator' (a party having prime control over the 'content' of a site, to use a loose definition) is based in the EU, the site will be expected to comply. Blocking EU users is a harsh way of punishing yourself in my view.

over 4 years ago

Avatar-blank-50x50

geester

Just wondering if anyone has got any idea how this will be enforced regarding white label affiliate sites or domain parking pages? ie. UK company owns the domain name but everything running on it is owned and controlled by a third party based outside the EU??

over 4 years ago

Avatar-blank-50x50

Paul

There has already been a years grace to implement change to sites. The thing is if people haven't bothered then it is their fault. It is not as if this has suddenly been sprung on people, but there will be many who are non compliant because they couldn't be bothered.
I have implemented policies for sites I own to make sure that people have to physically take an action which by doing so means they have opted in.
Compliance puts myself and the sites I run at a disadvantage as people wonder what why wehn how about cookies. However, at the end of the day I'd rather be complaint and perhaps less competitive due to it so as not to risk a fine of up to £500,000 to me the pros of compliance far outweigh the cons. The ICo should act against web site owners who have not made the effort, that will then make others sit up take notice and comply.
As it is law and EU law as well the ICO cannot avoid taking action against non compliant web sites as to do so then promotes illegal activity.

over 4 years ago

Avatar-blank-50x50

Lee Carnihan

Most of what Dave says seems reasonable and reflects the realities of the web i.e. there is a lot of variation between websites in terms of what data they collect, how they use it, and what visitors actually want to know or be given a choice about, so trying to design a compliance programme to cover all bases is practical impossible.

One point I would like to pick up on though is that *a lack of complaints* isn't evidence of a lack of a problem, so I think the ICO needs to be clearer about how and when it is going to deliver proactive and reactive enforcement.

Regardless of what the ICO says, I think it's important (and easy) for websites to clearly demonstrate to their visitors what data they collect and how they use it, then give them an opt-in/out choice which enables them to make an informed decision. How that information and choice is delivered could take different forms, but essentially I would say a website still has to inform and give people a clear choice. If they do that, then serious complaints are less likely to arise.

But if websites avoid doing this or try to bury the detail then it could look like they are up to something devious (which doesn't help businesses to foster trust over an impersonal medium where there is a lot of concern about online fraud and identity theft).

over 4 years ago

Avatar-blank-50x50

Topaz

He says
"If a website says ‘we’d like you to use cookies, but click here if you don’t want us to, and click anywhere else to continue'. If customers have seen this message, then this may be enough in most cases."

So the questions are (and should have been asked)

Which cases will it be enough ?
and
Why not all cases ?

over 4 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

@Topaz - the questions were asked. No specific examples were given and Dave was (deliberately) vague about what would and wouldn't be acceptable since they don't really know themselves.

The ICO's guidance does give an example screenshot showing this type of approach, and I think it would be a 'defensible' position to follow this example but, as with all ICO advice around this directive, nothing is certain.

over 4 years ago

Avatar-blank-50x50

Steve

If I am reading between the lines correctly. Any web site ‘visible’ within the EU will need to comply with this law. Otherwise it would be pointless in dare enforce? Right?!!
We only have 27 members, so unless we are heading big brother blocks, how does this affect sites I can see of non-members ie. the USA or (say) from Switzerland?

The current economic situation means we are desperate to engage with potential customers at point of sale (our online store) as we try to find ways of converting a site looker into a buyer. A pop-up or compliance ‘door’ acts like a red cross of the plague and will surely scare potential customers. “What is a cookie,? What am I Agreeing or not agreeing too?” levels of discussion is the last thing we need right now. No customer, no income, no income no business. Not rocket science is it?

If you show interest in my product, a cookie in this instance is a short life tracker while you move (with others) around my site. And if you do wish to buy from me, then you must by this fact ‘agree’ to give me details about yourself to ensure I can deliver what you buy from me?
A sale means I have more information than what any cookie and its short life can offer about you while looking over my site!! And this is itself covered by the Data Protection Act.

So what ‘exactly’ is the Opt in Opt out relevant with cookies when a web browser can be set to do this anyway?

over 4 years ago

Avatar-blank-50x50

Rob Stephenson

This is one of the most informed articles and discussions on this subject I have come across. I would certainly like to add to chorus of wonderment at a truly out-of-step law aimed at 21 century technology.

I'm in the relatively fortunate position of being part of a team which manages predominantly brochureware sites, so don't rely on direct income through it. That said, we merely use cookies to understand what visitors do on our site and use that data to improve and evolve the design and ultimately the user experience. Somewhat perversely, this law flies in the face of this well intended objective.

It is a crying shame there appears to have been very little in the way of any kind of open forum or consultation process to deliver an altogether more amenable solution for all parties concerned.

over 4 years ago

Avatar-blank-50x50

Maria

Hello Graham...
Wanna ask a question..
Is it possible if i deleted all my google account n other website related to it to ensure that I have no connection to Eu cookie law or whatever related to it anymore?
Does all my data will be deleted forever and i have no worried of being fined..?
Do reply please...

over 4 years ago

Avatar-blank-50x50

Ben

There are a number of jQuery plugins beginning to pop-up which help with compliance. You could do worse than check out Cookie Guard: http://cookieguard.eu
Wish there was more clarity on this - will we have to wait until there are legal judgements on specific cases?

over 4 years ago

Avatar-blank-50x50

Kit

This is the first I've heard of this; we have nothing like this in the US. So, hypothetically, if I code a free, open source blogging platform, and it's rolled out with an auto installer, and people who have no idea what a cookie is aside from a word used in the US for biscuits, they could be in legal trouble if they install it and it uses cookies? unless they show a user who likely has no idea what a cookie is a scary error message that asks if they want something they can't understand? How exactly is this supposed to be protecting anyone from anything?

over 4 years ago

Avatar-blank-50x50

paul

You would think that at least e-consultancy.com would endeavour to comply, wouldn't you, but no, it doesn't. I regularly check sites that I visit to see what their policies are like, and quite a lot of them, including health service and local authority sites, though they use cookies, don't have a policy at all, never mind one that complies, so I invariably fire off e-mails to webmasters pointing out the error of their ways, usually to no avail, so even webmasters can't be bothered with policies of any description.

over 4 years ago

Avatar-blank-50x50

Adam, Webmaster

@Paul,
Why should e-consultancy.com be especially likely to conform?

They have published blogs with suggested solutions - which is part of their purpose - but being a guinea pig for a flawed law is not.

You could even argue that as a large, well known site, not complying and waiting to see what happens is actually more useful to us subscribers than complying would be.

Being the 'webmaster' of a popular retail site, I would probably ignore any similar unsolicited emails too, unless they came from a recognised authority. Not because I 'can't be bothered', but because random emails from Joe Public, who don't know all the facts, are invariably wrong.

over 4 years ago

Avatar-blank-50x50

Mark Sean Elliott

I don't get it! Well I do understand the essence of the law but what I don't get is how this will be beneficial to the consumer/ EU companies.

IF all EU companies complied and a vast majority of confused consumers Opt Out (ala TPS laws) then surely:

a) this is forcing EU companies to be less competitive than their USA or other rival companies

b) means that consumers will have worse search results, with less interesting / relevant content = sending us back 10 years.

It seems utter nonsense, But then the laws relating to 'specifically shaped fruit' by the EU has now been revoked... perhaps Cookies will be saved next?

over 4 years ago

Avatar-blank-50x50

Herman Van Rompuy

For anybody who has actually bothered to check the settings on their browser and block cookies or use an extension like Ghostery this new EU cookie directive is an absolute pain in the backside. Every site I go to now obliges me to click on some blasted pop up every single time I visit!!

This must also be a nightmare for anybody trying to sell online, managing to scare or annoy potential customers right from the get go, so it's a another great pro business measure by the EU.

about 4 years ago

Avatar-blank-50x50

Neil Eneix

Great article, Graham. Good grief. I can see the frustration over opt in messages on every page begin. Be interesting to see what this looks like played out. Let the popups begin.
www.fannit.com

about 4 years ago

Avatar-blank-50x50

opt in

Promote Your Offer to over 900,000 HIGHLY-RESPONSIVE Ezine-Members.

You have been Invited to Tap in to our Private Stash. Thats Right, What Took 12 Years In The Making is Available to
you Now on a Silver-Platter. Purchase Today For $14.
95 To Receive A Double-Submission To 1,800,000 Ezine-Members.
Plus, Our Premium Global-Marketing Membership And Unlimited Access to
Our Silver Submitter.

almost 4 years ago

Avatar-blank-50x50

Jordan Bourland

We've got some clients in the UK and this has been a pain. Part of the process I guess though...

almost 4 years ago

Avatar-blank-50x50

cashcorpz

Swift Products Of internet casinos - A Closer Look

over 3 years ago

Avatar-blank-50x50

Jimmy Morgan, None at None

Can someone clarify what does it mean for global websites? Those who are not specifically targeting EU Countries?

almost 3 years ago

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Daily Pulse newsletter. Each weekday, you ll receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.