The current cookie crisis

The BBC published a post today about upcoming EU legislation over the use of cookies. This has sent many website owners into a panic. However, is that panic justified?

Cookies are one of the building blocks of most websites. These small text files on users computers allow websites to store all kinds of information. Cookies allow websites to remember users login details, shopping cart content and the current ‘state’ of a webpage. They are also used to produce targeted advertising based on users behaviour and power stats packages such as Google Analytics.

BBC news article

It is this latter group and associated privacy issues that have encouraged the European Union to introduce its current legislation. The EU is worried that cookies can be used for intrusive behavioural advertising.

No need to panic

The legislation was passed some time ago but the current panic is because of an impending May 25th deadline. However as the BBC article points out…

We do not expect the Information Commissioner’s Office (ICO) to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.

This is because at the moment the legislation is still vaguely defined. Guidelines about how to conform are still being drawn up.

We are still a long way from the nightmare scenario painted by some of terms and conditions being presented before being able to access a website.

itunes terms and conditions

Explicit consent

The part of the legislation that is causing the most panic refers to users providing “explicit consent”. Unfortunately what explicit consent means is open to interpretation.

For example, advertisers are arguing that web browsers allow users to disable cookies so if they choose not to disable them they are providing consent. Unsurprisingly privacy advocates dispute this.

Browser cookie controls

What should you do?

So with the legislation still open to interpretation and the May 25th deadline looming, what should you do if you run a website? Personally, I recommend following the advice found at They write…

We recommend that if your website uses cookies, you should:

  • include a link to your privacy policy on all pages;
  • explain in that policy how and why you use cookies; and
  • include a link in your policy to so that your visitors can access instructions on deleting and controlling cookies.

    No doubt the BBC news story will lead to a rash of email spam claiming our sites break EU regulations (and wanting us to pay for it to be fixed) in much the same way we saw over accessibility. Don’t be taken in. You will need to make changes to your site but it is extremely unlikely this will be the doom days scenario some claim.

    • I replied to a request in the ICO newsletter which asked people to say how this would affect them. After some experimentation I discovered that our online donations software (we are a charity) would crash if you disabled cookies. I told the ICO guy this and he said
      “The revised rule does allow cookies without consent where they are “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.” “

    • This will probably be a storm in a teacup, but will be brilliant link bait for a few weeks as everybody runs round like headless chickens.

      The advice from tallies entirely with what I have been advising my clients. I would imagine that the worse case scenario will be a message that appears when you access a site that asks that you agree to the T&C’s of the site, with a link to them. Most users tend to blindly click OK and this will then set a cookie that when detected on subsequent visits will prevent the message being shown.

      For those users that do take the time to read the T&C’s the site will have to state how they take a users data privacy very seriously and the only cookies that are set are those that are absolutely necessary and how the data captured will help to provide future site improvements.