Tag: Cookie law

Proportionate, balanced response to the cookie law? You got it.

I would be entirely sympathetic to anyone sending a letter similar to the one below to the ICO in response to a complaint about cookies.

Dear DCMS and ICO.


You gave us a delayed and loosely worded cookie law that missed the point of the wider privacy concerns completely. So if my response to your law is delayed, represents the loosest possible interpretation and doesn’t solve the wider privacy concerns, please don’t be surprised.

You asked us for a measured response to the law that is proportionate to the intrusiveness of the cookies we use. Almost all cookies are pretty benign, even the advertising cookies, and users’ browsers have had the ability to control cookies ever since they were invented. Our measured, proportionate response has therefore been to put a link to a brief and readable cookies policy in the header/footer. I’m fairly confident that this is all you expected us to do anyway, but it would have been nice if you’d just told us this eighteen months ago.




Don’t over-comply

Whatever your views on the law are, it’s becoming increasingly clear that complying with it in almost all cases will be as simple as understanding what cookies you use, and having something on your site that tells people what you do with them. That’s it. Unless of course your cookies capture peoples’ medical details and then you flog that data to insurance companies. You might want a checkbox for that. Otherwise, I see nothing whatsoever to suggest that a footer link and some information is not enough. And “enough” is the key word. Why do more? By doing more you wouldn’t be helping yourself, and you certainly wouldn’t be helping your users.

We, as citizens, are not expected to unnecessarily over-comply with any other laws. We don’t drive at 60mph on the motorway when it’s clear. We aren’t expected to pay 4% stamp duty when we’re only in the 1% band. So don’t feel like you have to over-comply with the cookie law and remember the people who want you to over-comply are almost certainly the people trying to sell you something you don’t need.

Stupid little buttons and banners

As an enthusiastic user of the internet I am getting increasingly irritated and bored by stupid little buttons and banners asking me about cookies. As someone with a reasonably informed opinion about the cookie law I am dismayed that site operators think this is appropriate, meaningful or useful to anyone.

If web users start demanding stupid little buttons and banners, or if the ICO does fine someone for not having a stupid little button or banner, or if someone can convince me that stupid little buttons and banners somehow improve users’ control over their privcay then I will start recommending that site operators add stupid little buttons and banners to their sites. Until then, my advice (I’m not a lawyer etc.) continues to be do the least you can to comply with the law, in a grown up, non-churlish way and not put stupid little buttons and banners on your sites. Chances are your cookies aren’t intrusive enough to warrant anything other than a navigation bar link to an informative cookies policy page anyway.

Not a lot of regulation from the regulator

In the early days the ICO were keen to say that they expected industry to come up with sensible solutions to how to comply with this law. At the time I though how nice of them that was. Now I realise that guidance meant “We don’t know how to do this, you tell us”, to which I respond “No, you’re the regulator, so regulate. If you’re serious about the actual privacy concerns (and you should be) give us a serious law to comply with.” Christopher Graham, the Information Commissioner said that he “had teeth and was willing to use them.” So far he’s written a nice letter to fifty companies, there haven’t been any fines, they don’t respond to complaints via their complaints tool and they don’t even respond to scammers imitating them. We’ve seen no evidence of Christopher Graham’s teeth and I hope that’s because he’s got them sunk into more important things.


Dear ICO: This Is Why Web Developers Hate You - A response

The good people at Silktide recently posted another of their entertaining blogs, this one entitled “Dear ICO: This Is Why Web Developers Hate You“. Silktide are the same people who made “The stupid EU cookie law in 2.5 minutes” and more recently “The stupid cookie law and why it should die” videos. I broadly sympathise with Silktide’s views and find their videos hugely entertaining, well written and clever. I would however like to to address some of Silktide’s statements and provide a bit of balance.

The cookie law and what we have learned

I’ve spent a large part of the last year talking about cookies, writing about cookies, advising about cookies and avoiding cookie related puns wherever possible. Now that cookie day is upon us I thought I’d take a look back at the last year and see if we can learn anything about what has happened.


The case against cookie consent header solutions

A new micro-industry has appeared with products that claim to make your website instantly compliant with the cookie law. There has been much confusion and dismay about what this practically means to website operators. To take advantage of the apparent difficulty in making websites compliant a bubble of new companies has formed offering products that claim to make your site compliant. These are bold claims indeed. (more…)