1. The strange
world of the EU
Cookie Law
Matt Steel
Online Service
Delivery Manager
WSCC – Capita Partnership
2. The EU Cookie Law
"Toto. I've a feeling
we're not in Kansas
anymore.“
2
3. What are cookies
The official explanation: "Cookies are a
general mechanism which server side
connections (such as CGI scripts) can use to
both store and retrieve information on the
client side of the connection. The addition of
a simple, persistent, client-side state
significantly extends the capabilities of Web-
based client/server applications.
3
5. What is a cookie in a
language I understand?
A cookie is information that a website
puts on your hard disk so that it can
remember something about you at a
later time.
5
20. 11 th
October 2012
"Nobody in Europe should
want to see DNT [do not
track] standardisation stall or
fail, it's in no one's interest.
The cookie consent rules will
be enforced and providers
will have to comply. Nobody
wants users who can't trust
the web; nobody wants
expensive ad-hoc solutions;
nobody wants to be sued for
illegal tracking." Neelie Kroes,
Vice-President of the European Commission
20
28. Thank you
Matt Steel
matthew.steel@capita.co.uk
28
Editor's Notes
Before you loose the will to live……
I went to the Olympics and was give a bright ticket to enter the events I had paid for. But when half way through an event I wanted to get some water I was given a pass that meant I could bypass the queue on the way back in. A cookie is a bit like that pass. I have been before I have given access to some information already so make it faster for me to interact with you the next time I visit.
Cookies are everywhere and make the web work When we like something it sets a cookie, so we know we have liked it when we go back. It remembers the settings on a website so we don't have to set them all over again It allows us to have shopping basket and it to remember all the things we’ve bought. Otherwise we’d have to buy each thing individually. It makes it quick to log in on sites and to give them our information. It allows sites to gather anonymous information on its visitors so that they can improve the journey for us.
Some of the larger players realised there was potential revenue in setting cookies that would gather information on our browsing habits once we moved off their sites and onto others.
These cookies would track our life on the web. Following us and understanding what we were looking at.
This information would then allow advertising to match what we seemed to be interested in.
There were two sides to this argument: The corporations we acting like an all seeing and knowing spy and gathering more information than they were reasonably entitled to. In order that we could have brilliant functionality and services on the web a revenue stream needed to be generated that didn’t involve charging us. Being able to target advertising and marketing at us was that means.
So along comes the European Union to save us web users form the evil corporations
A directive has to be ratified by the member states of their union to become law. The initial feeling was that the UK would drag its heels
By the time the law was supposed to have been enacted only three states had ratified it. Estonia, Denmark and the UK
In the UK it became the job of ICO to enforce this alw and to be the EU’s strong arm.
The problem was that the law was seen as so out of touch with the way websites operated and web users wanted to experience the web that there were calls either to Water the law down and move away form prior consent Or sites owners would just ignore the law.
A quick check to date shows that the following UK Government sites are not compliant
There is a question on whether the ICO will ignore enforcing the law unless absolutely made to. Like these laws Every English man must practice the long bow on a Sunday It is illegal to die in the British houses of parliament It is legal to kill a Welshman after dark in Chester It is illegal to eat mince pies on Christmas Day A pregnant woman is entitled to ask a policeman offer his helmet if she needs the toilet.
So it looked like the ICO was going to quietly ignore the enforcement of the law. And then this statement came form the EU
But spot the problem: The EU is going after these evil companies who as mining information form their users.
But all these companies are not under EU jurisdiction so are not subject to the law.
So where does that leave the EU cookie law?
Being a government site we felt there was a strong onus on us to comply with the prior consent so we developed a cookie bar for our site.
This provided information on our use of cookies and how you can accept them.
The problem is most people ignore the green tick and get on with fining their information. And this is what has happened to our analytics. Now it is very hard for us to understand what our customers want.