There’s a flurry in the bird coop today. Those sly foxes at Sitemorse set the residents a flapping.
And the reason for them being discombobulated so? The impending placement of EU regulations on cookies, and their use, by web publishers.
A law passed in 2009 is due to become enforceable in May of this year. Wrapped up in a confection of seemingly disconnected legislation is a piece of ‘nut-case’ brittle just for us to crack our teeth on.
You can read the law here… Tedious in the extreme. Best look here… and here… for a clearer view of what this really means.
It seems that even Struan Robertson web law guru ( then of Pinsent Masons – now of Google I believe) thought the legislation was at best badly drafted.
Robertson is quoted here… as saying:
“However, the problem here is the law itself. It is a shambles. It’s ambiguous and potentially contradictory and unhelpful not just to businesses but also to consumers. The lawmakers should have found a way to safeguard consumers that didn’t burden them with making decisions on complex relationships and technologies, and that didn’t set up a user barrier at the front door of every website.”
Our understanding is the ‘ambiguity’ mentioned by Robertson does not seem to have stopped the UK lawmakers from cutting and pasting the EU legislation into UK law ( still to be verified at time of writing). In France the legislators are considering the option that browsers ask the user every 3 months if they wish to accept cookies. If each country decides to make a different interpretation of this EU law then the resultant cookie soup will surely make the whole process inoperable, resulting in no meaningful change to the way cookies operate now.
DON’T PANIC 1
There is wriggle room, as you would expect from something described as a shambles.In the recital to the 2009 law it says…
“Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user.”
That’s OK then. Isn’t it? The recital goes further, saying…
“Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application.”
That’s even better. No?
(Recitals are meant to explain the lawmakers’ rationale and sometimes they’re used to resolve ambiguities. They are not meant to contradict the business end of the Directive – and this recital sounds like a contradiction. Wriggle room indeed.)
Needless to say the Advertising folks have taken this to be as instructive as a green-light. I’m not sure the ICO, if that is the authority tasked to pursue us for the £5000 fines for breaking the rules, will see it that way. Here is what the IAB (Interactive Advertising Board) has stated…
“the law now clarifies that websites can rely on browser controls and similar applications to define the acceptance of cookies. Publishers and online marketers support this approach because greater transparency, user-friendly information and easy cookies-management will increase consumer trust and confidence.”
However, PANIC, because “Cookie consent can’t be implied from Browser settings say privacy watchdog.”
Read the article here…
DON’T PANIC 2
Have you noticed how most of this appears to be about advertising and the resultant cookies? I can see why those in commerce would be troubled by this legislation but, and it’s an uninformed attempt at sanity type of but, wouldn’t most, if not all Local government web sites, be covered by this…
“Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user”? You decide.
As with all legislation, and particularly when this is so apparently badly drafted ( described here… as being a “monumental regulatory failure”) strict compliance is difficult, if not impossible, so a strong attempt at complying with the spirit may be sufficient, at least until the legislators sort themselves out. And when will that be? (Gallic shrug) It’s Europe!
First published 12.00 Thursday 20th January.