First example of new cookie laws in effect: brace yourselves

Update: We’ve since published a much more up to date guide to cookie law.

The body responsible for the new UK cookie laws have just updated their website to abide by them, and the result… isn’t pretty:

The ICO homepage showing the cookie confirmation box at the topVisiting any page on their site shows a message at the top. Visitors must click the checkbox and the Continue button to remove the notice. If they don’t, the same notice appears on every page.

We’ve delved into the details and this example alone tells us a lot:

Analytics is not ok

The 4 cookies they did block were for Google Analytics. This suggests they don’t expect analytics to be allowed without explicit opt-in. That’s very bad news for analytics companies.

Cookies are ok, if you can’t figure out how to remove them easily

They consider their own session cookie ‘essential’, even though that cookie doesn’t do anything for the user on most pages except track them. In fact, we believe the only reason they’ve left it is because they don’t have the technical means to remove it. Their CMS almost certainly relies on it, for instance.

This may be a loophole they’re willing to tolerate, and offer protection for site owners with technology that can’t be used without cookies easily. Essentially what it means is “we tried to abide by the law, but it was too difficult – at least we’re trying”.

They don’t know what to write either

The text they wrote at the top is a kludge. The very people this law is trying to protect probably don’t even know what a cookie is, but the explanation given clearly assumes they do:

On 26 May 2011, the rules about cookies on websites changed. This site uses cookies. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about cookies on this website and how to delete cookies, see our privacy notice.

Even more interestingly, the purpose of the cookies that they wish to set is solely for tracking users (i.e. Google Analytics). But they don’t say that anywhere in this message.

So it seems we may be ok to just say something like:

This site uses cookies to offer the best possible experience for users. To allow cookies click here, or parts of this site won’t work.

Which probably doesn’t help anyone, but may be considered compliant.

Their solution is spiderable and works without Javascript

Be grateful for small mercies.

Conclusion

Even the ICO themselves admit this isn’t a perfect solution, but seeing as they’re responsible for policing the issue their first attempt at it tells us a lot. Mostly we’re not filled with confidence.

The biggest question is how analytics and advertising companies will respond. Is their business about to be taken away from under them?

Updated 31st May 2011: We’ve learnt that RadioTimes have started doing something similar.

If you want to know more about the new cookie law, see our definitive guide.


Watch quick video tour of Sitebeam

Test your website with

or see prices & plans