Monday, 28 May 2012

That's the way the cookies crumble

If you have a website, you live in the EU and you aren't the slightest bit nervous about the European Cookie Law, you ought to be. This sounds like a 'Yes Prime Minister' plan by the EU that says we should stop calling biscuits 'cookies' (dratted American influence) and instead have to all call them biscotti. But no, the EU is trying to interfere with the internet.

Cookies, as I'm sure you are aware, are little files that websites use to store information on your computer. Of itself a website has no memory. A cookie lets it keep a note of some information and come back to it next time you visit the site - essential, for example, if you want it to remember what you've put in a shopping basket. The EU has decided, in its overpaid wisdom, that sites using cookies should be forced to ask visitors whether they want cookies to be used.

But isn't this stupid?

It certainly is, on a number of levels. First the EU doesn't own the internet. It really shouldn't attempt to apply this kind of petty jurisdiction. Secondly cookies are pretty harmless and many of us value the way they keep info so we don't have to re-input it. Thirdly every browser has a mechanism to block cookies, so why force the site to offer it as well? (And in principle, from Saturday when the law came into force, this is exactly what is legally required.) Finally, and with a real Sir Humphrey flourish, guess what is the only way a site can remember that you don't want it to use cookies? You guessed it. With a cookie.

Time to panic!

I had vaguely heard of this law, but it didn't really sink in until last week, with days to go. Like most operators of little websites, I have no idea if my sites use cookies, and no idea how to provide an opt-out. It might seem strange that I don't know if I use them, but anyone who uses site builder software like FrontPage or Rapidweaver, or a content management system like WordPress or Drupal (or even Blogger or WordPress for a blog) has no idea if that software is making use of cookies without explicitly mentioning it to its owner. This legislation is fine for big companies with dedicated professionals crafting HTML - it is a nightmare for all the rest of us.

No, no cookies here
So do I use cookies?

Luckily there is a way to find out. Fire up Firefox (if you don't use this browser it's free to download) and visit here to get the 'view cookies' add-in. Take a look at your web pages and when you are on a page, in Firefox select Tools > Page Info. Click on the 'Cookies' tab and it will tell you if your page has any cookies in it.

One place you will always find them is any site that remembers your login information - so if your bank, for instance, hasn't checked if you want cookies, technically they are breaking the law since last Saturday. Naughty banks.

A randomly selected bank breaking the law


What was the outcome?

I was, on the whole, clean. The WordPress login page has one, but unless you make users login, this doesn't apply to them. The only place I did have them was where I'm selling things: as soon as you use, say, a Paypal shopping cart you are loading on the cookies.

Does this mean I had to provide an opt-out?

Luckily, no. There is an exception to the need to offer opt-out if the cookies are being used for an essential function like a shopping cart. I am gradually adding a privacy statement to sites that do this, making the situation clear, but there should be no breach of the law.

So if you have websites, no need to panic, but for peace of mind it might be worth checking what's going on in those pages. Oh, and to think once again, do we really need to be part of the EU?

Image from Wikipedia


No comments:

Post a Comment