• Author:Tom du Pré
  • Comments:8

The cookie law and what we have learned

I’ve spent a large part of the last year talking about cookies, writing about cookies, advising about cookies and avoiding cookie related puns wherever possible. Now that cookie day is upon us I thought I’d take a look back at the last year and see if we can learn anything about what has happened.

It’s easy to get involved in politics when it’s too late.

The cookie law didn’t just appear over-night. To start with there were discussions in Europe about it, which eventually lead to the EU directive being issued, which eventually lead to the UK law being implemented, and then we were given a years grace. It’s been several years in the making. The time to protest about how ill thought out and misdirected this law is was in 2009. Unfortunately most of us don’t pay much attention to what happens in Brussels. We only noticed what was going on when it had all happened and the law had been passed and we’ve only ourselves to blame for that. Complaining about the cookie law to the ICO now is a bit like shouting at the Saturday girl in Primark about child labor in Chinese factories. Just like the law, that would be ill thought out and misdirected. If you are interested in the politics of the internet, get involved where and when it counts, because you’ll look a bit silly being indignant from the sidelines three years too late.

Hopefully it has not escaped your notice that there are a whole load of new ePrivacy laws that will hit us in a about 18 months time. Do you care about these? If you’re reading this you probably do. So do some research and get involved.

People are happy to deliberately misunderstand things

It hasn’t helped that the law was very badly worded but that hasn’t stopped lots of people deliberately misunderstanding and misrepresenting it. Whatever your views on it, the ICO’s guidance has been consistent, brief and readable throughout and made it clear from the outset that consent does not always have to mean prior opt in consent. There have been lots of articles, videos and blogs that have gone to great lengths to describe how disastrous prior opt in consent would be for the web. I don’t disagree, it would be rubbish. But it’s not an issue because it won’t be necessary in the majority of cases.

And what baffles me further is that many of the people who have been most vocal about how terrible prior opt-in consent is, have gone and implemented prior opt-in consent on their own websites for innocuous things like analytics cookies! It’s web martyrdom and it’s not impressive. It’s like driving at 40mph on the motorway because you don’t think 70mph is fast enough.

So what happens next?

In the short and medium term, not a lot probably. The ICO will investigate any serious breaches but I get the impression they think they have got far better things to do with their scarce resources. What concerns me is that when the next round of ePrivacy (PECR) laws appear everyone will remember what a disaster the cookie law was and fail to take the new laws seriously. One thing we can be sure of is that it will be ugly. The new laws will be much more complicated and far reaching than the cookie law and there will be even more scope for confusion and misunderstanding, deliberate or otherwise. You have been warned!

Tweet about this on TwitterShare on FacebookDigg thisEmail this to someoneShare on Google+Share on LinkedInPin on PinterestShare on RedditShare on StumbleUponShare on Tumblr