The EU Cookie law stinks

Posted on 31 January 2012 by Pete Duncanson Tweet

I've been following the EU Cookie law for a while now in the hope it will somehow go away but it won't. So we have to look at how we can deal with it. There appears to be no clear cut solution.

Today I read one of the better posts trying to sum up the EU cookie law over at Enchilada Digital's website. It is a great read and I suggest you give it a once over. Reading it though you still get the impression that this whole idea is not all that well thought out.

The biggest issue we have is that the Information Commissioner’s Office (ICO) who are in charge of telling us how to follow the rules are dealing with developers and programmers. Us programmers tend to live in a very boolean world of true/false, yes/no, working/broken. There is not much room for "maybe" or "it depends" in our mindsets but yet that is very much what the ICO are asking us to work with while at the same time reminding us that if we don't do something we might get a £500K fine. Bit scary that.

I doubt anyone with a small blog, tiny online shop selling hand bags or similar has much to worry about but the bigger players are going to be chased (as they have the money) and possibly made examples of. All a bit bonkers really. This has happened before in internet land which makes me sad that its happening again.

When Verified by Visa was first introduced it was an opt in system. But it sucked so no one opted in. It stopped users doing what they wanted to do, use the web to get things done. It protected only the banks, its implementation was shocking and the only documentation was masses of pages of brand guideance explaining how you had to show the logo correctly. We implemented it for Olympic Holidays but kept it switched off until we absolutely HAD to enable it.

Creating another barrier for users

Verified by Visa was a barrier to users signing up, it hadn't reached critical mass yet so no one really knew what it was. The banks eventually forced our hand and we had to enable it. Here is the rub though, we didn't have to do it at the same time as the competition. The banks where picking big players at random. So once enabled we where potentially at a disadvantage to those other sites that didn't have this annoy barrier to sign up installed yet.

UK Prime Mister David Cameron pointed out a similar issue with taxing banks within the EU only yesterday. Unless the tax is a global one banks will just go else where to avoid it, everyone needs to implement it at the same time or some countries will be at a disadvantage which others which don't apply the tax become banking meccas. Like ship companies based in the UK operating ships under some land locked Africa country so they can get around health and safety rule. Its a all or nothing situation.

The EU Cookie law is the same, there is a deadline yes. But its not really going to be enforced it seems. Your competitors have to complain about you before the ICO will take much notice. So everyone will hold out until the last minute before they activate any of this cookie non-sense and even then only when caught.

I understand the desire to want to control cookies of course, there are some bad folk out there who want to do shady things with your data, but thats true of the internet full stop. Every corner of the internet has some dark shadows, be that dog fighting videos, kiddie porn or script kiddies wanting to infect your PC to inadvertantly help global crime/terror... those risks exist. Yet we don't ban the whole internet or remind you that bad things exist everytime you want to use it with pop ups.

The EU Cookie law to me as it stands is similar to the USA's recent SOPA law which has caused outrage in the state with online users and hopefully won't now get passed. It stops the problem, breech of copyright, but throws the baby out with the bath water by doing it. EU Cookie law is no different. The real desire as I see it is to stop 3rd parties tracking your every move to then provide you advertising, fine by me, remember though some of your favourite (or at least everyday used) services are solely funded by that advertising. Facebook, Google even Twitter can only survive currently by their advertising frameworks.

There has to be a better way that this though? It would be like trying to ban all spanners simply because every year some people get attacked with spanners. Yes they (spanner or cookies) can be abused but surely the target here should be those doing the attacking not the weapons they use? This is not a "guns don't kill people, people do" stance.

Guns kill a lot of people and do little other good (sorry NRA), cookies add a lot of good to the web and do very little that really effects us even when they are in the wrong hands. You think cookies are bad? Just how much information do people freely give to Facebook? Not just the stuff you put on your profile but every conversation you have in the chat window is stored, it can be processed and before you know it ads about your favourite topics "could" start appearing. No cookies required. A civil servant loosing his laptop or Sony or O2 have probably given more of your personal data away.

Restrospective education?

We now face the odd stance of having to educate users retrospectively about a bit of technology that none of them really want or need to know about.

"Whats that? You want to drive your car to the shops again, like yesterday? Well first I need you to sign here to say you understand the inner workings of the internal combustion engine...".

It might be understandable if we had done it from the start but it makes no sense now, the genie is out of the bottle.

No one will be shouting about this one though like they did with SOPA in the states. The reason is that the rule would have affected all users. This law is really only a pain in the neck for those sites that are large enough to appear on ICO's radar so we won't ge the same up roar. Which is a shame as it will destract god knows how many developer hours away from developing better sites and getting the EU our of the financial mess it is in.

A stupid law that's not enforcable, has no guidance how to comply and will do little for the web in the EU accept harm progress and income. Well done EU MEP's.