The UK is getting its online personal data protection wrong and it is harming businesses and consumers. New laws are being passed to conform to EU cookie regulations and the existing Data Protection Act is being ratified to ensure that the digital world is covered by data protection, but there is a long way to go.

However, the internet is a global phenomenon, so any damaging regulation for UK websites will result in users moving to overseas websites, damaging our industry.


Data protection has long been a thorny subject. Everyone wants the ability to have their private data treated as such and not spread around or used against them.  

There have been laws on data protection in the UK for a long time, but the outdated 1998 version of the law was around before most websites that you visit today. It can barely justify itself as covering online privacy.

However, in the last year the EU has introduced some new cookie legislation that needed to be acted upon by each local Government. Unfortunately the Department for Business, Innovation and Skills (BIS) appears to have passed the buck on this by simply copying and pasting the ruling word for word.

BIS claims that the wording of the law is not controversial; however, the various interpretations of the law by different groups beg to differ. The actual wording of the law itself seems not in the least vague:

Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing.

However, the interpretation of what is seen as ‘consent’ is the long-standing argument. The IAB claims that simply viewing the site with cookies enabled in your browser is good enough consent, as long as there is a privacy policy with information in it on the cookies given to you and telling you how to block them in your browser settings. However, privacy watchdogs disagree.

What is the impact of this law?

This law has many far-reaching possibilities. If it is enforced, every website that you visit will have to tell you if they are serving you cookies that aren’t necessary.

This will almost certainly put a nail in the coffin of online display advertising as a medium to sell goods through clickthroughs (and possibly many publishers who are losing money). Behavioural advertising will be no more. You might cheer that as a consumer, but it will just mean that you will get fewer relevant adverts.  

Moreover, websites will still try and insist on giving you cookies by asking for consent. This will add to the confusion of users who are already distrustful of how their data is being used online, and to the annoyance of those who have to continually keep pressing buttons saying that they don’t want cookies (despite how they’ve set up their browser settings).

More importantly, because the web is a global phenomenon, it would only affect UK websites (or at least EU websites if this gets passed in other countries). You’d be free to go and look at all the US websites you wanted to without any of these issues, whilst their advertisers are still passing you targeted adverts. That is assuming they don’t watch what we’re doing and think it’s a good idea.

You may laugh, but Hitwise tells me that at the moment 164 of the top 500 most viewed websites in this country are not UK websites. (And don’t get me started on whether Facebook, Google, Yahoo, MSN, Bing, etc are UK websites, despite Hitwise claiming they are).

What is the impact of not having this law?

I can see where this law is coming from. Users don’t like it when they realise that they are being tracked across the internet.

One person in my office told me this afternoon that he was looking for a coat on a popular e-commerce website only to be shown an advert for said coat half an hour later on a completely different website. “How are they doing this?” he asked me, “They shouldn’t be allowed, it’s an invasion of my privacy.” This was from someone who was web savvy.  

Personally, I like that I can have adverts behaviourally targeted at me as opposed to random ones (even if the “almost 30 and still single” ads on Facebook cut a little). The real issue is that many users don’t even know what is happening, and the EU law is aimed at giving them more information so that they can then choose whether they like this or not.

This law doesn’t do that, though; it will just add to the confusion that already surrounds cookies and is perpetuated by news outlets.

What should we do instead?

The issue clearly is a lack of understanding of how to preserve your privacy. Asking websites to obtain consent is clearly not a very good option. We have to improve the understanding of the general public on cookies and this is where the Government comes in:

  1. A mass awareness campaign at schools: When I was at school we had sessions of PSE (Personal and Social Education) where we learnt about non-academic things. Not all children do computer science, so this should be taught in an all-encompassing option, with children told about their browser security and how to alter it so that they can make their own informed decisions.
  2. The BBC should dedicate some Panorama time to cookies. It already has a very good ‘Webwise’ section on cookies, but I think that they need to go more mainstream. If we can get some mentions on EastEnders and other popular shows then that would be better. The BBC’s mission statement is to inform, educate and entertain. If we could get ITV, C4, Five and Sky to join in it would be even better.
  3. We need to petition browsers to make their settings more transparent. Firefox and Chrome update monthly and IE9 is soon to be released. I’m sure some clever bod could come up with a solution: “This website is using a cookie that was last accessed on your computer at [site] on [date]” in the yellow bar at the top of the screen wouldn’t be too invasive (unless there were a lot of them).

We should be leading the class in educating our users on how to deal with the issues. The current solution will not do that.