We’ve delved into the details and this example alone tells us a lot:
Analytics is not ok
The 4 cookies they did block were for Google Analytics. This suggests they don’t expect analytics to be allowed without explicit opt-in. That’s very bad news for analytics companies.
Cookies are ok, if you can’t figure out how to remove them easily
They consider their own session cookie ‘essential’, even though that cookie doesn’t do anything for the user on most pages except track them. In fact, we believe the only reason they’ve left it is because they don’t have the technical means to remove it. Their CMS almost certainly relies on it, for instance.
This may be a loophole they’re willing to tolerate, and offer protection for site owners with technology that can’t be used without cookies easily. Essentially what it means is “we tried to abide by the law, but it was too difficult – at least we’re trying”.
They don’t know what to write either
The text they wrote at the top is a kludge. The very people this law is trying to protect probably don’t even know what a cookie is, but the explanation given clearly assumes they do:
Even more interestingly, the purpose of the cookies that they wish to set is solely for tracking users (i.e. Google Analytics). But they don’t say that anywhere in this message.
So it seems we may be ok to just say something like:
Which probably doesn’t help anyone, but may be considered compliant.
Be grateful for small mercies.
Even the ICO themselves admit this isn’t a perfect solution, but seeing as they’re responsible for policing the issue their first attempt at it tells us a lot. Mostly we’re not filled with confidence.
The biggest question is how analytics and advertising companies will respond. Is their business about to be taken away from under them?
Updated 31st May 2011: We’ve learnt that RadioTimes have started doing something similar.
If you want to know more about the new cookie law, see our definitive guide.