How a Cookie Law Crumbled

According to UKCookieLaw.org, the EU Cookie Law became effective in May of 2011, at which time the U.K.’s businesses were given a 12-month compliance window to come into line with this controversial law, created in response to amendments of the EU’s Privacy and Electronic Communications Directive.

“With a goal of ensuring websites are not tracking you, reporting on you and using your information and data without your permission that law is based on sound principal,” states a UKCookieLaw.org representative. “There has been much interpretation of how to implement the law and that debate continues.”

All that energy was directed at interpreting a confusing and counter-productive law instead of actually making changes that could help people’s privacy.

“The law does not tell you or dictate to you how to comply with it,” the rep explains. “The Information Commissioner monitors and enforces the law and is the body that can issue fines against website owners and ultimately take criminal proceedings. At the time of writing the likelihood of fine or criminal prosecution is low.”

The U.K.’s Information Commissioner’s Office (ICO), responsible for establishing the guidelines forcookie law compliance, sent a signal to website owners that the burden of the new law may indeed be for naught, when it not only revised the law days before its enactment, but also changed the way its own website handles cookies and compliance — by moving from an explicit to an implied consent model, not unlike the common practice in use since 2009, “except in a bigger font,” as one observer noted.

“This law has been much derided and ultimately proven to be unworkable by the people charged with enforcing it,” Oliver Emberton wrote for SilkTide.com. “The ICO is simply doing the inevitable: ignoring the law as much as they can, until it goes away.”

Emberton is not alone in his disdain for the legislation, which stems as much from its hamhanded approach as from its goals.

“It is almost as ludicrous as German sites with the ‘Imprint’ message,” Richard Robertson commented. “Even though there are clearly better translations of the German word (‘Legal’ or ‘Legal Statement’ are better choices) they still keep using a word that has an entirely different meaning than the one they intend.”

Perceptions of its uselessness aside, the cookie law remains very much in effect — with its last minute changes making it even easier for website owners to comply with.

For example, explicit permission from visitors before using cookies was modified to implicit acceptance. This is great news for publishers, as a 90 percent drop-off in visitors was reported by sites requiring explicit consent — such as the clicking of a checkbox that indicates the informed acceptance of cookies.

Obtaining implicit consent, on the other hand, may be as simple as displaying text or a banner linking to further information while informing the user that the site uses cookies, and that his or her continued visitation gives the practice the green light.

It sounds easy enough, but it seems a bit too much to handle for some companies.

A report by online privacy firm TRUSTe revealing the results of its analysis of more than 200 of the most popular U.K.-based websites, finds that while around half of these websites offer some form of privacy notice and cookie controls, around 37 percent seem to have taken no action towards complying with the law.

Of those sites found to be using third-party cookies, half had less than 25 cookies and 35 percent used 26-50 cookies, while 16 percent used more than 50 third-party cookies. Although 56 percent of studied sites used moderate to high levels of third-party trackers, only 17 percent of them have substantial cookie controls and prominent privacy notices, underscoring the scope of non-compliance — intentional or otherwise.

According to TRUSTe, creative, user-friendly approaches towards compliance are best when they are simple for users; provide easy cookie control settings; and individual descriptions of the cookie’s purpose. For example, displaying clear privacy notices that link to a page explaining what each cookie does while providing easily accessible cookie preference controls, in an audience friendly manner, is heading down the right track.

“Based on our analysis,” TRUSTe CEO Chris Babel stated, “it is clear that many companies have started to take the EU cookie directive seriously and devoted time and resources to implement a compliance solution that helps their users control the tracking activity on their site.”

Complaints to the ICO of sites using cookies without users’ permission are reportedly a fraction of those received in regards to other offenses. While fines of up to £500,000 ($774,150) may be imposed by ICO for non-compliance, enforcement letters are likely for websites making a good faith effort towards complying with the law.

That good faith effort can get a substantial jump start by following the ICO’s advice (www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx), along with its example; especially in how it informed visitors about changes (www.ico.gov.uk/news/current_topics/changes-to-cookies-onour-website.aspx), such as the following excerpt:

“The cookies we use are explained in detail on our cookies page. Cookies are used mainly to give us information that helps us make the website better,” states the ICO site. “By finding out how people use the website, we can make improvements that will help more people get the important information they need to either exercise their information rights or meet their obligations. The information collected via the cookies does not identify anyone.”

The ICO site now features a banner explaining that the website uses cookies and tells users that they can either change their cookie settings on the site’s new cookies page, or continue on to the site. By separating the cookie page from (but linking to and from) its Privacy Policy notice, the prominence of the information is increased, while providing website users with clear, detailed information about the site’s cookies and how to manage them using buttons that allow users to allow or deny non-essential cookies. Limits on the geographical information collected by the site’s analytics cookies were also imposed.

The ICO rationalizes the changes in its compliance strategy by stating that it made the changes “so that we can get reliable information to make our website better,” a statement that left many website owners asking, “What about [ICO’s own] rules on cookies?”

The organization maintains that it is indeed compliant with the latest rules and its own guidance in this area, pursuing the new policy due to better educated Internet users.

“We first introduced a notice about cookies in May 2011, and at that time we chose to ask for explicit consent for cookies. We felt this was appropriate at the time, considering that many people didn’t know much about cookies and what they were used for,” states the ICO website. “We also considered that asking for explicit consent would help raise awareness about cookies, both for users and website owners.”

“Since then, many more people are aware of cookies — both because of what we’ve been doing, and other websites taking their own steps to comply,” ICO added. “We now consider [that] it’s appropriate for us to rely on a responsible implementation of implied consent, as indeed have many other websites.”

It sounds like a case of “if you can’t beat them, join them” — and a smart idea at that.

Website owners, designers, developers and other stakeholders have faced frustrations over the cookie law and how it can best be complied with, while not placing a roadblock between website visitors and website content. It is not only the traffic loss resulting from cookie warnings and the unnecessary legal and implementation expenses occurred due to compliance attempts targeting a constantly changing regimen; it is the effort’s futility and mixed characterizations that adds insult to injury.

“The saddest irony of this saga is that the poor deployment and constant goalpost-switching around the mechanisms of the cookie law have meant that we have had no time to hold a meaningful discussion about online privacy and consumer protection,” stated Heather Burns of Glasgow-based Idea15 Web Design. “The original purpose completely disappeared in the implementation.”

It is a sentiment echoed by Emberton and others.

“All the complex solutions, which actually blocked certain cookies and so forth, were a waste. The panic, meetings and audits were certainly a waste,” Emberton exclaimed, noting that “the people who simply put a cookie page up apparently did the right thing.”

“All that energy was directed at interpreting a confusing and counter-productive law instead of actually making changes that could help people’s privacy,” Emberton added. “As most people don’t know what cookies are, banners saying, ‘we use cookies’ are pointless.”


Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles


What's Hot Now: Leading Content Players on Trending Genres, Monetization Strategies

The juggernaut creator economy hurtles along, fueled by ever-ascendant demand for personality-based authenticity and intimacy — yet any reports of the demise of the traditional paysite are greatly exaggerated.

Alejandro Freixes ·

An Ethical Approach to Global Tech Staffing

One thing my 24-year career as a technologist working to support the online adult entertainment industry has taught me about is the power of global staffing. Without a doubt, I have achieved significantly more business success as a direct result of hiring abroad.

Brad Mitchell ·

Finding the Right Payment Partner

Whenever I am talking with businesses that are just getting started, one particular question comes up a lot: “How do I get a merchant account?” It’s a simple question, but it has a complicated answer.

Jonathan Corona ·

The Taxman Cometh for Every Business

February may be the month of romance, but it is also a time when we need to think about something that inspires very little love: taxes. April is not far away, and the taxman is always waiting. This year, federal and most state income taxes are due Monday, April 15.

Cathy Beardsley ·

The Continuous Journey of Legal Compliance in Adult

The adult entertainment industry is teeming with opportunity but is also fraught with challenges, from anticipating consumer behavior to keeping up with technological innovation. The most labyrinthine of all challenges, however, is the world of legal compliance.

Corey D. Silverstein ·

Alexzandra Kekesi Takes Charge as Aylo's Head of Community and Brand

While Alexzandra Kekesi was earning her bachelor’s degree in women’s studies from the Simone de Beauvoir Institute at Concordia University, feminist thinkers influenced her deeply, inspiring her passion for sex work advocacy.

Alejandro Freixes ·

New Year, New Tools for Tackling Chargebacks

Happy New Year! Looking back, 2023 saw some important developments for the industry. Visa lowered the limit on credit card surcharges to 3%, AI continued growing fast and Mastercard published an update to its Business Risk Assessment and Mitigation (BRAM) program.

Jonathan Corona ·

The Next Frontier in Computing, Storage Is Here

While I typically steer clear of diving too deeply into the technical nitty-gritty, in this month’s column I’m making an exception, because there’s a technological evolution underway that has the potential to fundamentally enhance technical outcomes and, more importantly, grow revenue.

Brad Mitchell ·

Raising Awareness and Taking Action Against Financial Discrimination

While foes of the adult entertainment industry often focus on “moral” concerns and perpetuate social stigmas, another form of attack can be equally or even more damaging: financial discrimination.

Corey D. Silverstein ·

Beyond DMCA Takedowns: Exploring Alternative Avenues

Most content creators recognize that inevitably, their content will be leaked on pirate sites, forums and file lockers. The most responsible and successful creators have therefore implemented a strategy to protect their valuable intellectual property.

Lawrence Walters ·
Show More