Tuesday
Aug282012
Has the EU cookie law made your web experience better or worse?
Tuesday, August 28, 2012 at 3:00AM Another question from Peter M. today. The EU cookie law came into force on 26th May 2011, forcing UK websites to obtain implied or informed consent to store cookies on your hard disk. Since then, you will doubtless have noticed informative banners popping up on almost all the UK websites you use. Ironically, the only method which websites can use to 'remember' your cookie wishes is to store a cookie with the value. Therefore, if you reject cookies, you will forever be plagued with these popups. You can guess how I personally feel about the cookie law - just see the screenshot, posted here, of the BBC website as rendered on my iPhone.
My question for you is: has the EU cookie law made your web experience better or worse?
Reader Comments (9)
There seems to be a little confusion — by which I mean a lot of confusion — as to the change in law which brought this about; the requirement of consent has been in statute since 2002.
The original clause read:
The key words for this discussion are in bold. In other words, the service provider (in the case of a cross-site marketing cookie, the cookie provider, rather than the website) could assume that it had consent unless the customer has told them otherwise, but was always required to provide clear and comprehensive information, to satisfy the requirement of fair processing of personal data.
The revised clause reads:
Arguably the only thing that has changed is that, to be able to argue that consent has been obtained, the notification about the processing of personal data has been made more transparent in the case of non-essential cookies. Consent can still be implied — it was generally implied consent which legitimised the placing of the cookie under the original requirement — just on the basis of greater transparency.
As a rule of thumb, I am in favour of transparency on this sort of thing — users should know how their personal data are being used. Leaving it to a user to read a site's terms and conditions is entirely ineffective, as few, if any, actually read these things. However I do question whether the imposition is proportionate here, given the impact on user experience. However, perhaps people will start to question whether they need to be processing personal data as they are today, rather than putting up ugly "consent box" they might design sites in more privacy-friendly ways.
It seems wrong for the onus to be on browser developers to build cookie-handling systems, so that those placing cookies can just say "set it how you want it in your browser," unless those placing cookies are helping fund the likes of Mozilla in developing Firefox, but I can see the attractiveness of such a solution, rather than requiring a per-site notification.
Neil,
My own products use an optional cookie and all it does is provide one additional, useful, management analytic to my customers. It's fairly trivial, I'm glad to say. People often think cookies are a privacy issue, but in many cases they are not; letting a website know that you have visited more than once is not a breach of your privacy, as the site still doesn't know anything about you - it's anonymised data.
While cookies can conceivably be used in a way that affects an individual's privacy, I'm willing to bet that a majority of cases - and I DO mean those covered by the cookie law - have no real privacy implications.
Beyond that, clicking a multitude of notices about cookies has become part of my daily internet slog and it just makes the experience that little bit worse. In my view, the trade-off wasn't worth it.
I'm in two minds even about that kind of cookie.
I can understand the notion that it does not communicate personal data, and does not allow the tracking of an individual and, on that basis, falls outside 95/46/EC, and so should not be subject to regulation — it's only in because of sloppy drafting, since the clear reference to the fairness provisions of 95/46/EC indicate that it should only relate to personal data.
Conversely, I value the independence and integrity of my computers — the cookie is not an essential part of the site, and most likely offers very little benefit to me. Indeed, it's there as a service to the provider. Since it's not an intrinsic part of the site, I should have control over whether it is downloaded to my computer, in the same way that I would if Royal Mail wanted to stick something on my door to indicate if they had delivered something to me before.
Well, you really are in control, because you choose whether to visit the site or not and download the web page. The cookie is, arguably, part of the intrinsic function of a site. Sites produce anonymised web analytics and some of those require a cookie.
These days, web pages are more like applications. One of the products I make is a live chat system. I use a cookie in it to store when NOT to bother the customer, i.e. if they have dismissed the chance of a chat on once page, I don't bother them when they are surfing other pages.
None of this affect the independence and integrity of your computers. A cookie is tiny compared to a web page download, can be wiped at any time and in most cases does nothing more than give the service provider information that can help them tailor their service better for you.
My argument against the current law is that it is overzealous - failing to differentiate between simple analytics services and cross-domain advertising architectures that track your search requests via multiple websites.
The result of this blanket policy has been to make us all just a bit more annoyed.
That's the difference, I think — such a cookie is not an essential part of the site. Not having it would not change the user's experience, and so should require particular permission.
I can't make an informed choice about it, since it is deployed when I visit — hence the requirement to tell me before it is deployed. That might challenge the way things are done, but I can see it making sense.
(The point about integrity — I appreciate a cookie is easy to wipe, but so is an egg thrown at your window, and you don't consent to having eggs thrown at your window just because someone can :))
Honestly, I don't notice a difference. If I want or need to go to a website I just accept whatever is needed, otherwise I don't go there.
To answer the question, the websites that are using explicit consent are making the web experience worse. The reason, so many sites are asking the question. Yes they are doing the right thing legally but from a user experience perspective it is annoying. Additionally it is teaching people just to answer Yes to almost anything that is requested. It is nearly as bad as all thise terms and condition requests everyone has to agree to when buying goods or services. The implied route is much better, that is a warning notice is given and the visitor has the option to explicity say No, perhaps with an option to go to a Cookie free area. With the implied route a cookie cannot be set unless the visitor has continued further into the website.
Therefore cookies such as Google analytics need to be switched off until the visitor agrees to cookies by say clicking on a link to elsewhere in the website.
Neil the majority of uses for cookies have nothing to do with privacy. They're necessary for providing a consistent experience, for example, and many other non-invasive reasons. Unfortunately all cookies have been lumped together.
It was Google's re-marketing that caused the furore (basically chasing you around the web with ads for other sites you've visited). However I haven't heard anything about sites pointing out to their users that some of the cookies are used for that purpose, and perhaps offering an opt-out just of that functionality. So what was the point of all this?
Charles from what I've seen most sites are giving you the option of accepting the cookies or not using their site.
Given how necessary cookies are I can't say I blame them.