This week is Cookie week and ICO have already been busy getting their marketing machine drumming up awareness with several articles written by the BBC with numerous sound bites about what people should have done, should be doing, will need to do in the future.
XX has conceeded this is not an easy area to work in. Major sites use a vast majority of cookies for various needs and that evening auditing these is a massive challenge commercially.
The most significant nugget that I read today was that there is now an accepted level of implied constent from the user. We call me a total pleb who has never been on the internet but haven’t we been doing that since the very start? By looking on the website you accept the terms of usage and in most cases ignore the link in the footer which tells you what that actually entails.
My stand point is this.
- This is only relevant in the EU and websites are global
- We’ve always had privacy policies which said cookies were used
I will be encouraging all of my associates to update their privacy policies with encouraging and information plain English content instead of legalease and telling them to do absolutely nothing else.
This is taken from the ICO blog (http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx)
First issued in May 2011, the guidance has been updated to clarify the following points around implied consent:
- Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
- If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
- In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.
The law itself has been poorly written, overly complicated and doesn’t seem to have any solid reason or foundation for its existence.
Recently, articles have started to appear with guidance on what you should be doing in preparation. On the whole this has involved audits of what you’re using cookies for, writing them up in plain English for people to understand and updating your terms and privacy policies with the relevant information.
Why should we?
The idea of every site now having to provide some form of opt-in mechanism to work is lunacy. There are exceptions to the rule mainly sites using cookies for transactional purposes but it has yet to be clarified whether this will include tracking cookies.
There is a far simpler solution and in part it already exists.
There are billions of web pages and only a small number of browsers. To expect millions of people to fall in line with a law when it can be globally resolved by asking the assistance of the browser vendors would seem a logical solution.
The other glaring question is how to ask an international community to comply with a regionalised law. Virgin have started to do this with their blog, which is in its own right an eye soor.
I cannot see that little blog based out in Australia updating to meet these rules. What happens then? Will we have an EU firewall, shutting off sites that don’t comply?
I wrote a response to the article on netmag regarding the forthcoming laws on cookie dropping in the UK/EU.
Here is my comment:
As an industry we have seen these kind of regulations before and they get cast aside with great ease.
There is no internet police force because it would be like policing a nation of billions.
There is nowhere for this argument or regulation to go except for browser side. The fact that it wasn’t pushed there first is appalling. If you want to control the behavior of a website you do it with the viewing device not the site itself.
Think about your TV. If your favourite show comes in looking too orange, do you ring the network and tell them they’re streaming in a colour tone that doesn’t quite suit your taste? No, you grab the remote and change the saturation.
The browser is where this needs to happen purely by numbers, less browsers than sites/pages.