EU Cookie Law and How It Affects the Web
Although most of the rumors and discussions are right now focusing on acts such as SOPA/PIPA, which expand the ability of law enforcement all over the world to fight online trafficking in counterfeit goods and copyrighted intellectual property, the web should for now be concerned with something else happening in the close, very close future.
The 26th of May is the final day for websites in Europe to comply with the new EU Cookie Law. This is a new piece of legislation focused on user privacy on the internet and requires webmasters to first ask and obtain consent from visitors if they wish to store or retrieve information about their online behavior. The consent needs to be obtained regardless of the device the data is stored on, including smartphones and tablets.
The directive started as an online privacy protection programme one year ago and was adopted by all EU countries on the 26th of May 2011. The law gave all EU countries a grace period of one year in which they had time to modify legislation and comply with the addition. The main point behind the law was to make customers aware of how the information about them is collected and stored by web pages they visit and while this is a good idea, many concerned voices say the law doesn’t really do good for internet surfers.
Cookies are the way for web pages all over the world to store information about visiting users. Other newer technologies like Flash and HTML5 Local Storage do the same and while they are covered by the EU Law as well, it was called “EU Cookie Law” because most of the information is stored through cookie usage.
Cookies are not only helpful for the webmasters. Actually, they are more helpful and beneficial to visitors. They are used to track people’s visits and surfing behaviors on the internet in order to deliver better-targeted advertising.
They are also useful for some other kinds of actions. They are the ones helping websites keep the users logged in even after they leave the page. And it helps us by helping them. Visitors don’t want to log in all the time they visit a page. It would be annoying to log in every time you use Facebook, wouldn’t it? Also, remembering different settings users wish to use all the time is done through cookie usage as well.
However, the EU Cookie Law mostly focuses on the cookies that track user’s visited pages to deliver targeted advertising.
To create a general impression for you, we took a look at how many unique cookies some popular websites have.
- facebook.com: more than 382.000
- apps.facebook.com: more than 47.000
- dailymail.co.uk: more than 17.000
- google.co.uk: more than 12.000
- youtube.com: more than 10.500
- mail.google.com: more than 8.000
- google.com: more than 5.500
- imdb.com: more than 4.300
A survey has been conducted few days ago by the IMRG and eDigitalResearch. The survey was conducted in the UK and came with the following conclusions:
- 75% of UK consumers never heard of the e-Privacy Directive before taking the survey.
- After being informed about the law, 89% of the questioned people believed it is a positive step towards online privacy.
- 79% of the questioned believe something needs to be done in order to inform people about what cookies mean for their online experience and safety.
- 33% of them believe cookies may be used to virus computers.
- Only 23% of the questioned do not object against cookies which improve the user experience, which means 77% are actually against all kinds of cookies.
What to do?
The Information Commissioner’s Office (ICO) wrote a full guide for webmasters who wish to become compliant with the law. The document is long and has to be read from the beginning to the end, but I can make a short summary of it here, just so you get the basic ideas behind what you need to do.
The first step you need to take is to audit your website for cookies. You need to find out what kind of cookies your site sends to users. Find out what they are used for and which ones you need to get consent for, because there are some which according to the new law are legal to be used without consent.
To ask for user consent you need to use some tools, but first you need to analyze your website. The ICO recommends a powerful online tool to help you do this. It is called The Optanon Auditor and works as a plug-in for Google Chrome.
The Optanon Auditor tool can be use as a limited software on your domain – but it should be good enough to offer you a preview of what you need to change right away. Don’t forget you only have a few more days to comply with the rules. According to official reports, companies not complying with the rules can get a fine for up to half a million British Pounds in the UK.
Some other steps you might want to take include creating a link where you explain your users everything about privacy issues and the cookies you use. Some of them might not know what you talk about while some other might not be interested at all. But it would mean a lot for the ones who want to know what they get into when accepting cookies from your page. If you show you have nothing to hide, users will not be afraid to come back to your website.
Explain users what cookies are for and that you do not use them for malefic purposes. Start with the advantages they can get: staying logged in, having their settings remembered and so on. Put focus on them because they are the most important.
There are several jQuery plugins you could use on your website to help you get acceptance from your users.
Another useful plugin is called EU Cookie Law Script and is developed by the pro web developers from CodeCanyon. The plugin costs $5 and shows a smooth slide down banner with a fade in bubble where text can be customized and introduced in order for the visitors to get familiar with the issue. If the user agrees, the banner slides away.
Silktide is the last useful plugin I found. Its advantage is that it comes as an open-source tool. The free plugin is easy to install by only including few lines of code. Users visiting the website will see a message dropping from the top of the screen which will ask them for cookie usage consent.
If you think the law is not something you can live with, then this website is made for you. NoCookieLaw was made for people who want to protest against the legislation. The site explains users why the Cookie Law is bad for user experience and allows them to sign a petition to stop the enforcement of the law on websites.
With SOPA/PIPA acts taking the spotlights in press all over the world, there is no question about why not many people heard of the EU Cookie Law. Although good intentioned, the law does not do so much good in the end and can confuse users and put European companies in disadvantage, according to NoCookieLaw.
Now I am not the one to judge. Yes, online privacy is an important issue that needed to be addressed. But is the European Cookie Law the perfect answer to a question that has been asked too many times? I will let you decide on that. What do you think?