Computers

Watered-down U.K. "cookie law" comes into effect, internet barely notices

View 4 Images
The Information Commissioner's Office website contains a cookie prompt
The Information Commissioner's Office website contains a cookie prompt
BT's website cookie prompt
Visitors to the BBC website are shown this message
View gallery - 4 images

A new law came into effect in the U.K. this past weekend which requires U.K.-based websites to receive consent from visitors before using cookies to store tracking information about them. Though the law originally called for visitors to explicitly opt-in with the use of a checkbox or similar method, the Information Commissioner's Office (ICO), an independent privacy watchdog, backpedaled just 48 hours before the law was to come into force and watered down the legislation to allow "implied consent" - in other words, websites can assume users have already consented to the use of cookies.

Cookies are small files usually made up of text and numbers which are used by websites to communicate with the device that is accessing said website. Cookies come in varying types and often store harmless information such as if the user is a repeat visitor, or their approximate location. While cookies such as these are rarely a cause for alarm, concerns have been raised toward the prevalence of a more invasive form of cookie, used to track the browsing habits of web users and offer personally catered advertisements.

The cookie law originates from a 2003 European Directive (2002/58/EC) concerned with the protection of privacy with regard to electronic communications. Though this 2003 law did not demand consent for the storage of cookies, a later amendment in 2009 made such a requirement law and each EU member state was given until 25th May 2011 to implement their own laws to reflect this change. The U.K. introduced the amendments on 25th May 2011 through The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 and then allowed a grace period of one year for website owners to come into line.

Visitors to the BBC website are shown this message

However, as the deadline approached it became apparent that most websites, including some in use by the U.K. government itself, would be unable meet the required standards set out by the law and thus the law was watered-down. The cookie law does contain provisions for a conceivable fine of up to £500,000 (approximately US$784,000) which could be levied against offenders, but the ICO insists that it will be offering guidance, not punishment, to those who fail to meet the new standards.

Citing a survey conducted by PriceWaterhouseCoopers LLP (PWC), the ICO's own cookies guidance states that only 13 percent of respondents indicated that they fully understood how cookies work.

View gallery - 4 images
  • Facebook
  • Twitter
  • Flipboard
  • LinkedIn
2 comments
Michael Mantion
How utterly stupid and annoying.. I don't want a website asking me if its ok to "track me".... Of course its ok.. Why the heck wouldn't it be ok. If it wasn't ok I would set my browser not to accept them. I hate stupid people.. They better not try this crap in the US.
Charles Bosse
I noted a while back that Gizmag (via advertising I was told in a response) uses a significant number of cookies (something like 30 or more). Try setting your browser settings to "ask each time" under "accept cookies", and see what websites become unbearable to visit: the list might surprise you.
Unfortunately, most online shopping sites use cookies to track items in your shopping cart, so disabling them isn't really an option, nor is agreeing to them individually unless you want to severely restrict the usable portion of the internet. Fortunately it isn't too hard to set most modern browsers to delete some or all of your tracks on exiting, but it's still sort of sad to see that misuse has become so accepted and widespread.