One most controversial pieces of legislation passed by the Office of the Information Commissioner (ICO) during the past years regarding the internet and website development was the Cookie Act. No, we’re not talking about those scrumptious small, flat, and sweet baked delicacies that flutter our senses! Here we’re talking about those clever features behind your web servers!
Well, cookies are messages sent to a browser or web server, created from the user’s historical data. The message contains data about the user, extracted from the user’s memory, and can influence how we use the internet depending on what we are interested in or what we have already browsed. It is, therefore, effectively stored in the user’s memory.
Most websites use this information to monitor their websites’ performance and improve user functionality to enhance the user experience continuously. Nevertheless, those few who dishonestly use these data have persuaded the ICO to incorporate this brand-new law.
What was the new act all about? Websites can no longer use cookies or similar features unless they are considered compulsory. Necessary cookies are ones that remember login details or basket details when you’re shopping online. Anything that just reflects your searching habits or the websites you have been looking at are now banned.
So, what does this mean for websites? Is it a good thing or bad? For most websites within the EU, it actually means that they are breaking the law and could be classed as illegal.
What Will Happen If You Ignore the New Law?
Long before May 2012, the ICO did not put in place any formal enforcement style for those who did not comply with this new law (but did refer to civil monetary penalties). That was mainly because there were many complexities in implementing these changes to comply with the law.
This is displayed in their action on their own website, where they have introduced a yellow pop up at the top of the page. That explains how the site uses cookies to track how people use the site and some functionality and then offers them the opportunity to turn them off (warning its effects on the website).
The problem with how they have done it is that it contradicts the issue they are trying to counteract by introducing the law. It’s written to assume that the person entering their site knows what a cookie is and what it does. The law’s purpose is to help protect those who don’t know what a cookie is or does, so effectively by their own legislation; their site is not compliant.
Therefore…
Ask any website developer what they think about the law, and you may want to keep your ears covered when they give their honest opinion. Indeed, protecting netizens’ privacy is definitely an issue that needs addressing, but bringing in this law is too sweeping for its purpose.
To put it into perspective, if one window cleaner was stealing from the properties he worked at. You wouldn’t then go out and ban all window cleaners or enforce that they get permission slips signed every time they come to clean your windows. It would slow their work down and annoy you as a homeowner. You would instead sanction against the ones who are breaking the law.
The same applies to those website owners using cookies. The majority use them for innocent purposes, such as tracking how their own website performs to improve the experience for future visitors of the site. The minority uses them for dishonest means, and they are the ones to be punished.
When you set a pop-up requesting permission to use or not to use cookies, you’ll then need to use a cookie to record and remember the users’ answers. It’s going to be extremely tough for the ICO to draw the line on this legislation. Most websites used to carry on as they go, until May 2012, where all website owners had to find some way to ask user consent to use cookies.