EU Cookie Law Explained

The EU Law was conceived to protect users privacy and came into effect in May 2011 and from May 2012 is in fact a legal requirement, but since half the government websites themselves are not currently compliant they are not pushing it too heavily as it would obviously be slightly hypocritical.

It all started because, advertisers wanted to target users with more relevant ad content, so they thought it would be a good idea to track users internet usage with cookies, and follow this up by feeding them relevant adverts to the web pages they have previously visited i.e. 'behavioural targeting'. It sounds like a genius idea and actually rather useful but in fact it ended up generating a huge amount of complaints because your day-to-day internet user had no idea their movements were being tracked in such detail, and after they did realise they were not happy bunnies.

Frustratingly, the wording of the law (and the guidance issued up until May 2012) made it extremely hard to work out what 'compliance' actually looked like. In the UK the body responsible for regulation is the Information Commissioners Office, and they were criticised heavily by the industry for their lack of guidance and clarity. The law states that a user has to give their consent for information to be stored on their computer, but exactly what 'consent' consisted of was left open-ended. New guidance was issued on the 25 May 2012 (the day the law started being enforced) that made it clear that consent could be implicit. This new guidance has been taken to mean, for example, that a small banner announcing that the site uses cookies, with a link to more specific information about how those cookies are used, is sufficient to comply with the law. From a client and agency point of view, it's not much effort to make these changes but certainly takes analysis of the site cookies, addition of some kind of flag to let the user know the site is using cookies, together with the content being written for the cookie information page. (More complex solutions could involve an 'Accept Cookies' button that confirms the user is happy to be tracked).

The ICO has made it clear they are not intending to start a crack-down but they do want to see compliance, especially with larger, more public sites that already house a lot of advertising. That said, they do appreciate that it requires effort and money to become compliant.

Our view is that it's a little like the 17.5% to 20% VAT switch over; lots of accountants made good money because all the businesses had to comply with the new rate meaning all labels had to be changed, tills reset, stock re-priced, cash flows re-worked and software adjusted, all-in-all probably costing the businesses a collective small fortune. I guess as the Digital Agency who has to carry out the work, we are in fact 'the accountant' in this scenario but as a company that spends a great deal of time reducing the amount of clicks a user has to carry out on their journey to their desired content, I can't help but resent this extra click stage. Essentially, users have complained and they have been answered with a more complex and frustrating user journey. A bit of a backward step really.

Perhaps other areas of the world are looking at this EU Law and thinking we are all a little naive and crazy to really believe no one was tracking our internet usage but at least people are now more aware and our privacy is being considered and scrutinised, which will in turn effect the wider privacy debate, specially in an digital age where there's very little privacy left at all.

More information on this law can be found at the ICO website directly.