UK Websites and the EU Cookie Rules
by Jo Shaer, on June 20, 2013
On 26 May 2011, British companies were given 12 months to adopt an EU directive on what information they can store about visitors to their websites.
It's part of the EU Privacy and Electronic Communications Directive and at the crux of the new law are the ubiquitous 'cookies', little pieces of code that get left on a website to show that you have been there and so they can recognise you next time you visit.
Basically, a website must now ask permission of the user every time it wants to access personal information or log in details.
Which, in theory, is all very fine and dandy. In principle, no one wants anyone holding personal information about them without their permission and I wholeheartedly agree with the sentiment behind the law.
In practice, of course,it's a whole different kettle of fish.
Like most webmasters, I use something called Google Analytics for customer research, where Google uses the cookie to track what the visitor typed into its search box to find my site, where that visitor has come from, what pages they visited and how long they stayed.
So, I can remove the analysis package.
I work in Wordpress, a type of template which requires cookies in order to function properly. However, once a person has gone away from the website, those pieces of information no longer remain - unless that person has left a comment.
I can change the wording of my Privacy statement to reflect that. I can put a piece of code into the footer which 'flushes' away any personal information as soon as the person leaves the site.
But, the law seems to require me to put some kind of pop up onto any site that I have designed (and which belongs to a commercial business) asking permission to do even this.
My concern is for the usability of any site that has such a request. People are becoming more and more paranoid about their personal information and it's use... and rightly so with some of the hucksters around on the internet.
However, most people - especially those who are suspicious of the internet to start with and do not understand how it works - will naturally shy away from sites with such a request. There are no many people who will willingly give permission for the internet to have their personal details for nothing. That's the whole ethos behind the culture of the website opt-in box.
There are concerns that such continual requests could see British shoppers making future purchases from American sites which don't have this restriction.
I don't think any webmaster wants to deliberately contravene a law but this one is rather hard to actually put into effect without devastating effects on British business.
In the course of my research, I came upon David Naylor's site and an article which shows just what I mean about pop up boxes.
2013 Update - The lovely Robyn Banks - it's her name not what she does - of Adavista reminds me that "the pop up box depends on what info the cookie collects and how intrusive". Robyn deals with this sort of issue on a daily basis.