EU Cookie Law
Many people have heard about the EU cookie law now, and we’re seeing more and more websites showing popups about cookies as a response to it. But, there is a great deal of confusion about what it means in practice for website owners.
What is a Cookie?
A cookie is a piece of text that is sent from the server when you visit a page. It is stored on your computer and your browser sends the cookie back to server each time you request a page from that website.
Cookies allow the website to verify that you are the same person visiting the site again. This can be used for things like keeping you logged in to a site, allowing you to add items to a shopping cart, or to track if you’ve visited the site before.
Are cookies bad?
Cookies themselves aren’t bad, they can’t do anything malicious to your computer, or allow access to any other data on your computer.
What’s all the fuss about then?
One example is that web pages can include widgets embedded within them such as adverts, or a like button, which will store cookies from the owner of the widget, not just the website owner. If you visit lots of sites with such a widget on, is possible for the widget owner to track you across multiple sites and collect information about which websites you’ve visited and potentially what you’ve been doing. Collecting this level of information is often considered too excessive.
The Cookie Law
About the cookie law
The cookie law comes from the EU’s e-Privacy directive. It’s about making websites more transparent about what they’re doing, and what data they’re collecting. It’s often not transparent to the user who’s doing what exactly when you visit a web page.
What does the cookie law require?
The cookie law is not prescriptive in the sense that it doesn’t tell website owners exactly what they need to do to comply. It puts to onus on the website owner to review the cookies that are sent when browsing their website, be transparent about what’s happening, and gain consent for the use of the cookies in a way that is appropriate for their site.
What does gaining consent mean in practice?
This is what many people are debating. You need consent to store cookies, but “implied consent” is also a valid form of consent for some cookie use. Many site owners have opted for the safest option of display a popup as the site is first visited and explicitly asking the user to opt-in to allowing cookies for that site. This obviously provides pretty bad user experience, as everybody hates sites that have popups.
Is the law a good thing?
Making websites more transparent about what they’re doing has got to be a good thing. Making every website implement a popup displayed each time a user visits a site is clearly just annoying, frustrating, and provides absolutely no guarantee that the information a website provides on cookies use is correct. But presumably the law gives the authorities more power to act on the malicious sites than they did before.
If you want to be sure what cookies are being sent, or to delete, or disable them, you can do this in the web browser.
Everyone needs to be a cookie expert?
What about someone running a small blog? Perhaps it’s running on WordPress and they have the technical ability to install a new theme and a few plugins to put various widgets on their pages. Do they now also need to become a cookie expert, perform a full audit of the cookies used on their site, and implement an appropriate consent model to get permission from their users? If not, they may get busted for illegal cookie use. That doesn’t seem reasonable or particularly beneficial to society.
Implied Cookie Consent Plugin for WordPress
What with all the confusion about what’s required, there are a ridiculously large number of plugins available for WordPress that help the site owner comply with the cookie law. I found that many of them were overly complicated to setup, or were too annoying for the user. Modal popups are a great way to turn away new users and increase your bounce rate. As none of these plugins seemed to do what I wanted, I decided I’d need to write my own solution. I’ve made it into a plugin and it’s now downloadable from the plugins repository.
The colour and content of the information bar can be customised via settings in the admin. The information bar links to a page where the site owner can put their own text about the cookies used.
See the Implied Cookie Consent WordPress plugin in use the first time you visit AntarcticGlaciers.org, or on this site.