EU Cookie Law Confusion
The European Union has enacted a Cookie Law.
As you can imagine the legality surrounding the interpretation and implementation of the law is complex. As a tracking company, we are doing our best to keep abreast of developments.
One of the factors complicating the situation is the fact that there are EU laws and individual European country laws.
We've received several queries from webmasters in the UK, so we've done some research, the results of which we are sharing here.
Essentially what we have found is that using Number 10 Downing Street (The UK Prime Minister's office) as an example, no action is necessary in order to be compliant with the law.
Our main findings are that the website of the Prime Minister of the United Kindgom is unclear in its interpretation the law;
- Although their website states "We will endeavour to let you know before we store a cookie on your computer." - which they do not, and
- They incorrectly list their first-party and third-party cookies by listing google analytics as the third-party cookie they set, when in fact google sets first-party cookies on behalf of the website where it is implemented.
Therefore, our conclusion is that in practice, there are no working examples, including the "highest website in the land," being Number 10 Downing street, of an implementation that makes any changes to the current situation.
Click here to see for yourself: http://www.number10.gov.uk/cookies/
NOTE: The bbc.com website is also not compliant.
The Cookie Law itself
On May 26th 2011 a new EU law came into effect requiring website owners to make structural changes to their websites which may fundamentally change the web browsing and shopping experience for everybody.
Because of confusion surrounding the implementation and interpretation of the law, The UK government updated the Privacy and Electronic Communications Regulations regarding the EU Privacy Directive, effectively creating a delay, and giving websites until May 26th 2012 to comply.
The proposed model is to ask website visitors to opt-in to having cookies set in their browser. You can see/ experience an example of what this looks like here: http://www.ico.gov.uk/about_us/our_organisation/key_facts.aspx
the text reads: The ICO would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice. I accept cookies from this site.
We are formulating a Privacy and Cookies Policy notification that we will recommend to all our clients in order to ensure compliancy. We will be posting that policy recommendation in the near future.
Since writing this blog post, the uk information commissioner changed the regulations just hours before they were due to come into force.
The advice was only updated on Thursday, 48 hours before the deadline for implementing the new rules, and published the next day.
"This is a striking shift," said Stephen Groom, head of marketing and privacy law at the law firm Osborne Clarke. "Previously the ICO said that implied consent would be unlikely to work. Now it says that implied consent is a valid form of consent."
The use of "implied consent" shifts responsibility to the user rather than the website operator, and will come as a relief to thousands of website operators who have been struggling to comply with new EU directives which came into law a year ago.
For more details, please read: this Guardian article on the change.