Meh to Cookie law
Written for The Times in May 2011 but they didn’t use it. Luckily I’ve broken the jinx and they have published my most recent effort here, but I can’t stick that online for a week or so for paywall reasons.
If proof were wanted that the Eurosceptics occasionally have a point, let me direct you towards a new bit of legislation covering websites in Britain and other EU countries. It comes into force on 26 May 2011 and requires UK websites to get consent before storing or retrieving information on users computers.
The law covers cookies, a term that might need explaining. Named after fortune cookies it’s a small bit of data that a website leaves on your computer. And like a fortune cookie, if you open it there is a message. Not, “too much Chinese food has given you indigestion” but often “this person has visited this site”.
The tech is widely used to generate stats about site visitors so the owners can make decisions about what do next. Say if The Daily Mail gets a lot of traffic on a story about some celeb has gained a few pounds, then it’s a hint to commission more stories to make women neurotic about their bodies.
However cookies CAN be used to track people, most often used to make sure people are shown a variety of banner ads based upon their browsing history rather than getting the same advert for Easyjet everytime.
So in a ham-fisted attempt to improve people’s privacy on the web, the EU has forced a directive onto our parliaments to make sure that EU sites have to both explain “informed consent” and get it, probably by sticking up a pop up box with a checkbox for every site you use.
Fixating on the role of cookies is not only an incredibly dated perspective – the last time most people cared about this issue was in about 1995 – but also wildly missing the point. It’s like saying there should be a warning on bricks because violent thugs throw them through windows – the bad bit is not the brick but the violent behaviour. Likewise, the cookie should not be blamed for people who want to track other users online – it is this kind of behaviour that should be tackled. Legislate against the crime not the tool.
Making a big deal about cookies will do zilch for privacy, as there are other nefarious ways to track users across the web. The most obvious one is using the user’s ‘digital fingerprint’. This consists of the unique combination of the specifics of your browser, IP address and what plugins you’ve got installed.
Privacy issues aside, the potential for this legislation to damage UK websites and users is enormous.
Firstly it makes it confusing to use websites – the first thing that you get when you visit a new site is an irritating message about cookies rather than information about what the site offers. This would be very off-putting for anyone who is not very tech-savvy.
Next, the EU laws would give a competitive advantage to American sites, which would not be burdened with a load of annoying pop-ups? This is incredibly unfair to any UK based entrepreneurs attempting to start a new company. This gives UK businesses yet another reason to move their operations offshore. If your business is registered outside the EU then these laws do not apply to you.
One of the real losers from this legislation will be the BBC, which is one of the few genuinely
world class websites run from the UK.
The advice currently given by the Information Commissioner’s Office (the body that regulates how information is stored on computers) is not very specific. A look at their website reveals statements like : “it’ll be a challenge” and “you need to think carefully”, suggesting that they don’t have a clue what to do with this stupidity either, despite a potential £500,000 fine for non compliance.
My hope is that we all ignore it and the law falls flat on its cookie-doughed bottom.
