EU Cookie Law and How It Affects the Web

Although most of the rumors and discussions are right now focusing on acts such as SOPA/PIPA, which expand the ability of law enforcement all over the world to fight online trafficking in counterfeit goods and copyrighted intellectual property, the web should for now be concerned with something else happening in the close, very close future.

The 26th of May is the final day for websites in Europe to comply with the new EU Cookie Law. This is a new piece of legislation focused on user privacy on the internet and requires webmasters to first ask and obtain consent from visitors if they wish to store or retrieve information about their online behavior. The consent needs to be obtained regardless of the device the data is stored on, including smartphones and tablets.

The directive started as an online privacy protection programme one year ago and was adopted by all EU countries on the 26th of May 2011. The law gave all EU countries a grace period of one year in which they had time to modify legislation and comply with the addition. The main point behind the law was to make customers aware of how the information about them is collected and stored by web pages they visit and while this is a good idea, many concerned voices say the law doesn’t really do good for internet surfers.

What’s a cookie?

Cookies are the way for web pages all over the world to store information about visiting users. Other newer technologies like Flash and HTML5 Local Storage do the same and while they are covered by the EU Law as well, it was called “EU Cookie Law” because most of the information is stored through cookie usage.

Cookies are not only helpful for the webmasters. Actually, they are more helpful and beneficial to visitors. They are used to track people’s visits and surfing behaviors on the internet in order to deliver better targeted advertising.

They are also useful for some other kinds of actions. They are the ones helping websites keep the users logged in even after they leave the page. And it helps us by helping them. Visitors don’t want to log in all the time they visit a page. It would be annoying to log in every time you use Facebook, wouldn’t it? Also, remembering different settings users wish to use all the time is done through cookie usage as well.

Cookies help webmasters too, offering them information about the users behaviors on their web pages. Tracking tools such as Google Analytics, which measure site performance, will in most cases use cookies too.

EU Cookie Law

However, the EU Cookie Law mostly focuses on the cookies that track user’s visited pages to deliver targeted advertising.

To create a general impression for you, we took a look at how many unique cookies some popular websites have.

  • facebook.com: more than 382.000
  • apps.facebook.com: more than 47.000
  • dailymail.co.uk: more than 17.000
  • google.co.uk: more than 12.000
  • youtube.com: more than 10.500
  • mail.google.com: more than 8.000
  • google.com: more than 5.500
  • imdb.com: more than 4.300

EU Cookie Law for users: Yes or No?

A survey has been conducted few days ago by the IMRG and eDigitalResearch. The survey was conducted in the UK and came with the following conclusions:

  • 75% of UK consumers never heard of the e-Privacy Directive before taking the survey.
  • After being informed about the law, 89% of the questioned people believed it is a positive step towards online privacy.
  • 79% of the questioned believe something needs to be done in order to inform people about what cookies mean for their online experience and safety.
  • 33% of them believe cookies may be used to virus computers.
  • Only 23% of the questioned do not object against cookies which improve the user experience, which means 77% are actually against all kinds of cookies.

What to do?

The Information Commissioner’s Office (ICO) wrote a full guide for webmasters who wish to become compliant with the law. The document is long and has to be read from the beginning to the end, but I can make a short summary of it here, just so you get the basic ideas behind what you need to do.

The first step you need to take is to audit your website for cookies. You need to find out what kind of cookies your site sends to users. Find out what they are used for and which ones you need to get consent for, because there are some which according to the new law are legal to be used without consent.

To ask for user consent you need to use some tools, but first you need to analyze your website. The ICO recommends a powerful online tool to help you do this. It is called The Optanon Auditor and works as a plug-in for Google Chrome.

The Optanon Auditor tool can be use as a limited software on your domain – but it should be good enough to offer you a preview of what you need to change right away. Don’t forget you only have a few more days to comply with the rules. According to official reports, companies not complying with the rules can get a fine for up to half a million British Pounds in the UK.

Some other steps you might want to take include creating a link where you explain your users everything about privacy issues and the cookies you use. Some of them might not know what you talk about while some other might not be interested at all. But it would mean a lot for the ones who want to know what they get into when accepting cookies from your page. If you show you have nothing to hide, users will not be afraid to come back to your website.

Explain users what cookies are for and that you do not use them for malefic purposes. Start with the advantages they can get: staying logged in, having their settings remembered and so on. Put focus on them because they are the most important.

Helpful jQuery Plugins for EU Cookie Law

There are several jQuery plugins you could use on your website to help you get acceptance from your users.

The first one is called CookieCuttr and it is available as a WordPress plugin as well. What the plugin does is simple. It allows you to hide different parts of the website, such as the ones generating cookies, and display modal boxes which ask for permission to use cookies. They also show a “reset button” which helps users delete all the cookies for that respective website.

Cookie Control enables you to comply with UK and EU law on cookies, in a couple of quick and easy steps. Cookie Control does just that, presenting users with clear information on whether cookies are present, linking to your privacy policy (where you should have specific information about what cookies are in use), and advising users on how to adjust browser settings and what cookies mean for them.

Another useful plugin is called EU Cookie Law Script and is developed by the pro web developers from CodeCanyon. The plugin costs $5 and shows a smooth slide down banner with a fade in bubble where text can be customized and introduced in order for the visitors to get familiar with the issue. If the user agrees, the banner slides away.

The jQuery Cookie Compliancy from CodeCanyon is another helpful tool priced at $5. It provides webmasters a way to allow users to opt-in or out of using cookies. Once the usage of cookies is accepted, the restricted JavaScripts are automatically added and any future page loads will include them. Otherwise the JavaScripts will be disabled for the respective user.

Silktide is the last useful plugin I found. Its advantage is that it comes as an open-source tool. The free plugin is easy to install by only including few lines of code. Users visiting the website will see a message dropping from the top of the screen which will ask them for cookie usage consent.

Not agreeing?

If you think the law is not something you can live with, then this website is made for you. NoCookieLaw was made for people who want to protest against the legislation. The site explains users why the Cookie Law is bad for user experience and allows them to sign a petition to stop the enforcement of the law on websites.

Conclusion

With SOPA/PIPA acts taking the spotlights in press all over the world, there is no question about why not many people heard of the EU Cookie Law. Although good intentioned, the law does not do so much good in the end and can confuse users and put European companies in disadvantage, according to NoCookieLaw.

Now I am not the one to judge. Yes, online privacy is an important issue that needed to be addressed. But is the European Cookie Law the perfect answer to a question that has been asked too many times? I will let you decide on that. What do you think?

Christian Vasile is an enthusiastic Romanian web designer currently living in Denmark. You can follow him on Twitter at @christianvasile or visit his web portfolio at christianvasile.com.

Newsletter

15 Comments
  1. Martin May 17, 3:50 pm

    I am not at all happy about this. I have some client E-commerce sites that are running on bought systems which I modified and I am not sure how to solve their issues not to mention all the other less complicated sites that need to be addressed:-(.

    Reply
    0
  2. Nao May 17, 4:31 pm

    ‘Cookies are not only helpful for the web masters. Actually, they are more helpful and beneficial to visitors. They are used to track people’s visits and surfing behaviors on the internet in order to deliver better targeted advertising.’

    Better targeted advertising doesn’t help anyone, but advertisers. Yes, I get what you are saying, but don’t call it help, please?

    Reply
    +1
    • Christian Vasile May 17, 9:32 pm

      I will continue to call it help, because it is a kind of help. Who is advertising for? Would advertising exist if consumers wouldn’t be interested? No, it wouldn’t.

      Online ads only exist because people are willing to buy different products. So maybe you are not interested in ads, but your neighbor might me. It is quite clear that cookies “help” him by delivering better targeted advertising.

      Reply
      0
    • Robin May 18, 1:03 pm

      Agreed. This paragraph is ambiguous. Any form of advertising is not welcome, be it targeted or not. What this paragraph does is state a very general practice. Cookies are very useful in storing web UI settings a particular user may desire. In order for them not to have to re-do certain actions each time they return, a cookie will be read off the client’s machine and all boxes re-populated / re-sized / colour choices enabled / cart items restored etc. This whole privacy thing has totally gone out of control. I see no issues with storing cookies. If I REALLY wanted to track your online movements on MY site (its very difficult reading other site’s cookies BTW) I would store all of that in session variable or inside my database.

      This legislation will not prevent any of this Privacy violation that is supposedly going on. Next time you visit, your data will be popped into the webmaster’s database. Easy. Stupid. Half a million pound fine. What a joke! Probably initiated by some granny brigade.

      What this article doesnt mention is if I as a website owner in South Africa do not abide by these laws, are the EU cookie police going to come and serve me with a R7million Rand fine??

      Reply
      0
  3. Andrew May 17, 4:55 pm

    I think if we weigh the pros and cons of this you’ll find that this cookie law is going to do more harm than good, it will probably end up severely damaging the growth in the web development community. Cookies are used for most major websites, and if you look at Facebook, they have over 300,000 cookies on their site alone.

    Keep in mind that this law also only applies to European countries, and is not a worldwide thing. If something like this were to actually be effective in “protecting” us from cookies, it would have to be something worldwide.

    Reply
    0
  4. Angelos May 17, 5:06 pm

    Seriously, I really don’t see the website’s complying. I was asked to remove this cookie thing from one of my sites because the users thought it was annoying. One even told me that they would leave a site immediately after receiving such a notification. How would businesses naturally respond to this, well, considering their traffic is now going down, they would automatically remove this plug-in until people understand it more.

    Reply
    0
  5. Rochester May 17, 7:03 pm

    Hi Christian, nice article!

    And this doesn’t change the fact that we can store user data, despite of there’s a file called cookie. We can just store it into DBs, or use a mix of local storage and ajax to load a lot of stuff.

    This is the kind of law made by people that just don’t get how this “internet thing” works..

    []‘s

    Reply
    0
  6. James Isles May 17, 7:20 pm

    I think the law is an absolute joke currently the cookies used by Google Analytics contravene the law and are not deemed as ‘essential’. It will make for a crappy browsing experience as almost every site you go to will have a pop up or banner which must be agreed to.

    I’d rather they spent their time try to get us out of this awful recession.

    Reply
    0
  7. ChefGaby May 17, 7:56 pm

    I think everyone is making too much of a fuss about this cookie law.
    There are a lot of things people do not take in consideration about this.
    First of all, the law is for people with websites targeting EU countries. if you target the US then you don’t need to get consent.
    Second, the law was not made to make life harder for web developers. It was made to protect people’s rights.
    If you have a website and you don’t add a pop-up or a notice you probably(99% of the time) won’t get sued because you are not using those cookies to track the user over multiple websites and you don’t want to hurt the visitor. You just use the cookies to display private information, relative to just the the a single user.

    The ICO website says you don’t need to ask permission if the cookie “is strictly necessary to provide an information society service requested by the subscriber or user”. This means that log in cookies, for example, don’t need consent. The user implicitly knows he will have a cookie on his computer if he loges in.
    If you display a pop-up and ask the user to give consent and he says no, where are you storing the information? You can store that in a cookie. You are allowed to.

    I think this law is mostly in place so big advertising giants won’t be able to track users like they are doing now. If a user complains about it to the authorities, they now have a law they can refer to and “punish” the firms according to it.


    DolcePixel.com

    Reply
    0
    • Christian Vasile May 17, 9:30 pm

      I like how you put it. “The law is for people with websites targeting EU countries. If you target the US then you don’t need to get consent.”

      You know, some of us actually live in the EU and own companies here, so it is actually a big deal. It might not be a big deal for US citizens or people from other continents, but it is a big deal for us. So just because probably you don’t live in Europe and don’t care, don’t minimize the importance of us, “the others”. Thank you!

      Reply
      0
      • Andrew May 17, 11:05 pm

        I couldn’t agree with you more.

        Reply
        0
      • ChefGaby May 18, 3:31 pm

        I live in The Netherlands :)
        Yes, this affects me too, but I really don’t see this cookie law as such a bad monster at the moment.

        Reply
        0
  8. Martin May 18, 12:00 am

    Agreed. There are people living outside the US you know.

    Reply
    0
  9. Ted May 18, 7:15 pm

    My dear ChefGaby, Your comment:you probably(99% of the time) won’t get sued because you are not using those cookies to track the user over multiple websites
    Source: http://designmodo.com/eu-cookie-law/
    is not accurate.
    If you use Google analytics that cookie is processed through Google to complete the analytics reports for analysis of your website.
    So, yes I will be adding the cookie notice that the only cookie on our website is placed there by Google.
    We are a BV that has a .EU website that advertises our services.

    Reply
    0
  10. ChefGaby May 18, 8:07 pm

    To everyone still worrying about the issue and to those not agreeing with me, you should read this article
    “ICO: no fines for breaking cookie rules”: http://www.pcpro.co.uk/news/enterprise/374734/ico-no-fines-for-breaking-cookie-rules

    Reply
    0

Leave a Reply

*
* Minimum length: 20 characters