Earlier this year, .net reported on the EU cookie law and the UK’s interpretation of it, along with a protest site created by Silktide, aiming to reverse the legislation. Since that time, various arguments have erupted online regarding what people have to do in order to make their sites compliant, something further confused by the Information Commissioner's Office (ICO) doing something of a U-turn at the eleventh hour.
Silktide MD Oliver Emberton has now released a new video about the cookie law, entitled 28 Days Later, reporting on the shambles. He told .net: “Enough time has passed since the law came into effect to draw some conclusions, so we decided to measure what real sites were doing. The results were so shocking we had to share.”
Emberton said that he’s met with a lot of organisations to discus the cookie law, and “generally awareness is high but understanding is low”. Typically, companies disagree internally about what to do, with many opting for a wait-and-see approach. Those that do something opt for what they perceive to be the absolute minimum, according to Silktide’s research: 76 per cent of sites simply added a link to a cookie policy.
According to Emberton, this isn’t what the law intended, but that’s where it’s headed: “It’s unpopular and without clear benefits or penalties. Laws like that don't tend to fare well in real life. It's a bit like making it illegal for people to tape songs off the radio – you're fighting human nature. It may simply be unenforceable.” Furthermore, Emberton noted in his video that the complaints procedure is overly complex; and although the ICO has claimed it’s received hundreds of complaints, Emberton told .net “that is actually an exceedingly low figure, given 95 per cent of UK sites – millions of websites – are likely violating the law. The ICO has made it extremely hard for any 'normal' person to raise a complaint.“
His advice to most web developers now is just to include a link to cookie law policy on every page, since in the “impossibly unlikely event that the ICO pursues a complaint, that demonstrates you're 'working towards compliance’”. Emberton told us he recognises this is a “sham” and does “almost nothing for the spirit of the law,” but added that it’s unobtrusive and covers the risk for most organisations. “If you're corporate or public sector you might want to go further, but apparently it's good enough for Amazon and DirectGov!”