Thursday, 26 May 2011

Not A Smart Cookie

From midnight tonight, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 comes into force. This amends the 2003 Regulation and enhances the powers of the Information Commissioner particularly regarding internet cookies.

The amendments require companies and website owners to gain explicit permission before setting a cookie on an internet user’s computer. Failure to abide by this Directive could lead to a fine of up to £500,000 for a serious breach.

This amendment has been controversial for a number of reasons. Firstly there's the catch-22 situation. When visiting a site a message will appear; "do you consent to cookies from this site". If you click 'no' the website cannot leave a cookie to remember your response so when clicking on a second page on the site, another pop-up window will appear requesting your consent again - and this will happen continually until you consent. Shopping online with EU websites, as a consequence, will become an unpleasant and intrusive experience, which leads onto the second point. These rules will not apply to non-EU sites, making them more of an attractive experience and putting EU sites at a commercial disadvantage, not least also because of the additional over-heads of complying with the rules.

My Europhile Tory MP; Ed Vaizey (Minister for Culture, Communications and Creative Industries) has previously expressed his concerns, regarding this directive:
"...a good example of a well-meaning regulation that will be very difficult to make work in practice."
Concerns that also included traditional Tory friendly words like:
"I am not a big fan of regulation."

" is so important for us to adopt a flexible approach"

"...a one size fits all solution will not cover everything"
But as Mr Vaizey's open letter this week makes clear, he has every intention of complying:
DCMS looks forward to continuing its close collaboration with the ICO and other stakeholders on the development of appropriate technical solutions to this challenging and difficult provision. We remain firmly convinced that the UK implementation is correct that it is good for business, good for consumers and addresses in a proportionate and pragmatic way the concerns of citizens with regard their personal data online.
"...there will be no immediate changes to how UK websites operate as a result of new EU rules".
There will be no immediate changes, which only means that we will comply eventually, and we must because the Information Commissioner has told us so:
British businesses have one year to make sure their websites comply with updated rules governing the use of cookies, the UK's data protection authority has warned.

...the cookie consent laws will not be enforced immediately, information commissioner Christopher Graham said on Wednesday.

"We're giving businesses and organisations up to one year to get their house in order," Graham said in a statement. "This does not let everyone off the hook. Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules."

We therefore only have a year's respite before the EU Directive is implemented, and in many cases it will be implemented earlier.

So an unelected bureaucracy issues laws that are then implement by an unelected quango in the UK regardless of the wishes or concerns of the elected representative, to the detriment of British business. Therein lies the state of British democracy.


  1. The obvious solution is for the browser software to come up with a message when you leave a site saying something like "Do you want to deleted all cookies from this site". Perhaps it's there already, but if so, I can't find it.
    If you are asked after every page you load whether you want a cookie, most people in the end will click "OK" in order to get on with what they want to do.

  2. @EP The Firefox browser has a similar add-on where you can 'right click' a website and choose a 'remove cookies' option:

    Agree with your point that most people will just click ok in order to get on - in my experience the more pop-up boxes / options introduced the more the average PC user panics.