Watching the cookie crumble

There are many annoyances in the world – some people get annoyed more easily than others, and people get annoyed by different things. If there’s one thing that really does get on my nerves?


Who are these people?! They swan about, running the country like they own it, they go and preach to each and every one of us, what we should and shouldn’t be doing with our lives and money. Then they become hypocrites and go and do it themselves.

I feel you’re thinking – Paul, just get to the point. Okay.

EU Cookie Legislation. Almost anyone in the web development business would or should have heard about this. Brussels brought in what can only be called a ridiculous law last May, and the UK’s ICO decided that it wouldn’t start enforcing it until May 26th, 2012. Essentially it’s going down the same route as emails; you have to opt in to be able to receive cookies. The suggestion I have seen dotted around is that if your website uses cookies you should pop up a box or message when a user first visits, asking their consent to place cookies on their computer.

This law is flawed in so many ways, I really don’t understand how it became law in the first place!

Implementation guidelines and exemptions, or lack of
You know what? I haven’t seen a single clear, plain-English explanation or demonstration of what the criteria are to actually be compliant with this stuff! I also haven’t seen any clear, plain-English explanation of who is exempt. This excerpt is taken from the ICO website itself:

The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

  • for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
  • where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.

What that says to me is that, effectively, any site that stores cookies is actually exempt from this thing. Does anyone see any different here?

The other problem is that, according to a BBC News article I read this morning, the Government is even going to miss the deadline! What’s the point in preaching to everyone else when you can’t even do it yourself? The ICO has even admitted:

In the interview with E-Consultancy, the ICO’s Mr Evans said there would not be a team of investigators seeking out infringing sites, but would act on complaints.

BBC News

I don’t know of anybody in the UK who has complained about cookie usage – so my bet will be on the fact that a small percentage will act, and there will be a small number of complaints (no more than there probably already is, anyway).

What about outside the EU?
Technically, any website not based in the EU doesn’t have to comply, as this is EU legislation. I don’t know exactly how that would apply to multi-server-farm websites like Facebook and Google, but certainly any site hosted purely in the US surely wouldn’t be touchable, even if it was being operated by someone in the UK?

What’s wrong with users turning cookies off on their browsers?!
Certainly as long as I’ve been using the Internet I’ve always had the option and right to turn off cookies in my browser. It’s always been there. I understand that this legislation is mainly to target advertising networks who harvest data to enhance their targeting, but if users were really that bothered they would delve deep into their browser settings and start blocking these sites. It’s not difficult, and for those who don’t know how to do it – the Government would be better off educating them!

Overall – user data – you won’t stop it
This whole thing to stop advertising networks harvesting your data? It’s rubbish. What happens the minute you log on to Google, or Facebook for example? Your data is being collected somewhere, no matter what you do. If you click “No, I don’t want you to store cookies” on your favourite sites, you may as well cancel your Internet subscription and throw away your computer.

HTTP is in itself a stateless protocol – meaning that, page by page, each request your browser makes is a separate, brand new request to the server. To get around that, the browser must send pieces of information which identify the user’s “session” – without this, there would be no Facebook, no Google, no shopping websites. These pieces of information, the cookies, are sent via the HTTP headers, turning an otherwise stateless protocol into a state-aware system that you can use to keep users logged in and engaged with your website.
