The stupid cookie law is dead at last

Posted on January 31, 2013

60 responses

The organisation responsible for policing the UK cookie law has just announced that they will stop asking users for permission to set cookies on their own website. In other words:

The Information Commissioner’s Office - who for brevity I’ll call Fickle the Clown - says they’re doing this “so that we can get reliable information to make our website better”. They’ve changed their mind because “many more people are [now] aware of cookies”.

In future Fickle will use a banner to tell their visitors that by visiting their website they consent to the use of cookies, and they’ll link to a page explaining what cookies are and how to disable them in your browser. So exactly what websites were doing in 2009, except in a bigger font.

What better way to celebrate the history of this fading law then with an infographic? Here’s one we made earlier:

History has shown us that whenever a law opposes the will of the people, it doesn’t tend to do much. It may have been illegal to tape songs off the radio, but there’s little appetite from police officers to cart schoolchildren off to prison for it. And so it is here.

This law has been much derided and ultimately proven to be unworkable by the people charged with enforcing it. The ICO is simply doing the inevitable: ignoring the law as much as they can, until it goes away.

For more, check out Idea 15′s excellent critique of the law, and don’t forget to follow us on Twitter!

http://www.geeksquad.co.uk/ Matt Stephens

Great article and the infographics put the icing on the cookie!
Robert Faulkner

although ICO have not yet removed their cookie consent banner. so is it dead or not?
- oliveremberton
  
  They’ve announced it will come down at the end of January.
  - http://twitter.com/b2binternet BBI
    
    No, they’ve announced it will change at the end of January, not come down.
    - oliveremberton
      
      They’re moving from explicit opt-in (“Is it ok if we use cookies? Click here to agree”) to implicit (“We’re using cookies, if you don’t want them here’s a link to how to change your browser settings”).
      
      That’s back to where we were in 2009.
      - http://www.facebook.com/tOnYoYo Tony Knibb
        
        I like to think I’m partly responsible for this by emailing people complaints about how they require consent but then don’t remove their cookies when I say “no”…
Patrick Barnes

Good piece well put. Dead in the water is probably the best way to describe it. Or a zombie law: Neither alive or dead. But probably more dead.
Andi Gordon

Just cos they don’t follow the law does not mean the law is dead. It’s still the law. You are unlikely to get prosecuted for it, but *if* you do, claiming another site doesn’t follow the law is no defence, much like claiming another car was speeding too would not get you let off your own speeding ticket….
Utterly misleading article.
- oliveremberton
  
  The body responsible for enforcing the law has announced in advance that their own website will be changing from “click here to opt into cookies” to “by viewing our website you agree to use cookies”. They elaborate to say that this is now permitted by their own guidelines, because “many more people are [now] aware of cookies”.
  
  Therefore we can assume this is an endorsed approach we can all follow. Users simply need to be told a site is using cookies and have a link to information on what those cookies are.
  
  If you look at the ICO’s latest report they have been evaluating the compliance of websites “visually”. They literally look at them to see if they mention using cookies or not. If that’s their approach, then compliance is pretty much a joke, and has nothing to do with privacy. It has everything to do with putting a disclaimer somewhere on your site.
  
  The law in 2009 merely required sites to explain what cookies they were using via a privacy policy. After all the hooplah, we’ve come full circle.
http://twitter.com/idea15webdesign Heather Burns

Thank you for the link and for the astronomical traffic spike *slips £10 note under table*

This much I know:
1) The saddest irony of this saga is that the poor deployment and constant goalpost-switching around the mechanisms of the cookie law have meant that we have had no time to hold a meaningful discussion about online privacy and consumer protection. The original purpose completely disappeared in the implementation.

2) We’ve both been vocal on this issue because it’s important: not because we are selling cookie law compliance software (magic beans) or consultancy services. Perhaps it is time for those who are still using ideological zealotry as a sales pitch to admit defeat.
http://danielgroves.net/ Daniel Groves

Heh, and in all that time I never did get around to making any of my sites comply.
dataeverywhere

Fantastic!
http://twitter.com/JujuDigital Alex Adams

Whilst I agree that the law was ill founded it does still exist and if you’ve been following the progress carefully then you will have noted that the explicit obtaining of a visitors permission to place cookies on their devices was actually down-graded to implicit in the eleventh hour back in May 2012 just two days before the law in the UK was to be fully ratified.

For the 12 months preceding the 25th May 2012 deadline it was to be that explicit consent would have to be sought and the ICO as the governing body responsible for policing it had already amended their sites accordingly by way of leading by example.

Interestingly the ICO haven’t removed their explicit request for using cookies – but if you once check the permission box and click continue then they place a cookie called: ICOCookiesAccepted onto your system with the value true. Subsequent visits to the ICO site will repress the cookie consent banner.

So for clarity, stupid or not, the law still stands yet the requirement to obtain explicit permission never came into full force in the UK. It is still a legal requirement to inform visitors of your site’s usage of cookies but it is permissible to obtain their consent via implied methods. For example a visible banner with or prominent link to information about cookie usage accompanied by a statement to the effect that their continued use of the site implies that they have consented.

More enlightened site owners will also provide helpful information (or links to it) about managing cookies on their machines.

Disclaimer: I am not a legal professional, nor does this comment constitute legal advice – if you are in anyway concerned about how this law affects you then you should seek professional legal advice from a licensed and regulated practitioner.
- http://blog.paulgailey.com/ Paul Gailey
  
  you are correct in your observation about the eleventh hour change @twitter-55619210:disqus The consequences of compliant sites, at least in my experience, to date has been an effective damage to the site conversion rate, albeit slight in % terms but enough to impact business negatively. I agree with the spirit behind this post as the whole exercise has been a huge time waste and commercial loss.
  - http://twitter.com/JujuDigital Alex Adams
    
    @c755a1850995204bee2600cbc29eada5:disqus The negative effect in conversion doesn’t surprise me, I am assuming that you’re referring to sites seeking explicit consent? That being the case then it stands as corroborating the concerns of the community that this intrusive method of obtaining consent would be damaging to businesses.
    
    I agree that it has been a massive waste for those who acted promptly to become compliant.
    - http://blog.paulgailey.com/ Paul Gailey
      
      yes I am @twitter-55619210:disqus exactly that – because some sites were duty bound, coming under already heavy regulatory scrutiny in their vertical, and as trade body founders, to unequivocally toe the line, however much they may have disagreed with it.
- oliveremberton
  
  The ICO hasn’t changed their site yet. They’ve announced they’re about to, at the end of January.
  - http://twitter.com/awashtell Alex Washtell
    
    Well their site appears to be doing exactly what they’ve said they’re changing it to do in the page you linked to, so it appears the changes have been made.
- http://twitter.com/awashtell Alex Washtell
  
  Agree with you Alex, it just appears that the ICO have changed to the implied consent model, which is what most sites in the past year have been implementing anyway to comply with the law (in its updated form).
Abhishek Ghose

Schrodinger’s cookie law…
http://www.facebook.com/DavidGaleUKIP David Gale

How long before the EU rap the ICO’s knuckles and insist on compliance with EU Law?
http://twitter.com/benbarreth Ben Barreth

Probably some of the best infographics I’ve ever seen. You’ve somehow mastered the art of the sarcastic infographic. Congrats!
Kamrul Islam

Good article and the picture used to illustrate the matter. essay sample
bhashkarsharma

@oliveremberton:disqus I love your charts
- A fan from Quora
http://creativeblob.com Rob James

love the infographgic!
http://chriswoods.co.uk/ Christopher Woods

Ha! I was proved right all along about that utterly pointless cookie law. This is why no site I maintained had, has or ever will have a banner or anything like the pseudolegal bullshit seen all over UK web sites for months as a kneejerk reaction to the Directive.
http://twitter.com/Koozai_Tom Tom Howlett

This is great news. Was definitely frustrated with visiting different websites and seeing the different ways they went about implementing this. Made everything quite confusing as an outsider I imagine, not to mention the pop-up style annoyance.
Gareth

The law is not about implied consent anymore but making visitors aware about the sites cookie usage. The ICO are not removing their warning message, they are simply removing the need for user consent. That would suggest that the ‘cookie law’ is far from dead.
http://www.facebook.com/profile.php?id=705515260 Nicolas Durand

Excellent and funny article that illustrates well that (some) really stupid laws will not survive.

But how much time and money has been wasted by those who tried to comply? Just because some octogenarians thought it was a good idea?

Also, Olivier and Silktide, thank you for helping taking it down!
welshstew

Sensationalist and misleading headline there IMHO. The law hasn’t died, the ICO are simply making changes which are still in line with the regulations. In fact it is in line with what 99% of sites have done i.e. the bare minimum in order to comply.
Guest

Man, I love your visual aids.
iamrofe

This infographic appears to lack adequate sources.
Duncan Harris

I think you entirely missed the point here. This was just a failed attempt by the government(s) to stimulate the economy: all those people beavering away at extra work for no reason.
MC

Surely this is a god case study about what happens when legislature thinks they can perceive a problem with the way the internet is operating, and then thinks they have the expertise to legislate about it? Kind of like the sledgehammer to crack a nut piracy laws?

Just do one thing for us, govt: Enact proper net neutrality, and then leave us alone to get on with it. The internet is only where it is today because it has historically NOT been a bureaucratic nightmare.
James C

What this infographic doesn’t cover is the colossal time and money spent by businesses and agencies to work out how the hell to comply, getting legal advice, and then having to implement the feature on their sites.

We worked out that it takes the average business between £2k and £6k to go through that process, at a time when budgets are already under severe pressure. And now they face the choice of sticking with what they’ve got or implementing a revised version at yet more expense.
http://twitter.com/JohnWedderburn John Wedderburn

Not sure I agree with the spirit of this post – I would suggest that the ICO have helped interpret an EU law in the best possible way, whilst still respecting the spirit of the original directive. I listened to the ICO in 2012 and they were saying that opt-in consent was not viable then. This does not mean that the law has gone away – there is still a law out there which could ask you to prove you’ve done everything you can to inform people you’re setting cookies and why.
http://www.facebook.com/philip.kellingley Philip Kellingley

I have to say – this article made me laugh out loud. Beautifully put and well illustrated. 11 out of 10.
starburn

While the UK ICO are the ham-fisted u-turning enforcers of this law, I was under the impression this is an EU regulation driven thing, not something the UK was particularly keen on doing?
http://www.byandyparker.com/ Andy Parker

Did you know that it is an offence in England, Scotland & Northern Ireland to spit in a public space. Now go watch a football game and come back to me with your thoughts on law enforcement.
Dennis, ListsUK

1/ Thanks for a good article and an outstanding infographic; as per Ben, “the art of the sarcastic infographic” – please let’s see more of them rather than ones showing me how much traffic each social platform gets (yawn)

2/ That’s one thing I can tick-off my ‘to do’ list that’s been hanging around for the last 12 months+!

3/ To everyone who’s taken the time to post long, informative posts pointing out the various areas where Oliver may be mistaken, erroneous or just plain-wrong, may I respectfully suggest you revisit the infographic and chill for the minute – it’s very funny
Martin Jones

Brilliant update on pragmatic approach from the ICO. At least someone there has seen sense.
http://www.facebook.com/profile.php?id=100000006838022 Richard Robertson

Hey! Now I don’t know if a site is from UK any more. :p Every time I see the notice “By using this site… ” I laugh and promptly disable all of its cookies that don’t actually disable the site’s functionality simply out of spite.
It is almost as ludicrous as German sites with the “Imprint” message. Even though there are clearly better translations of the German word (“Legal” or “Legal Statement” are better choices) they still keep using a word that has an entirely different meaning than the one they intend.
John Prior

This is completely misleading. The law hasn’t changed, the ICO are just
changing their own implementation to use the implied consent model
they’ve been saying was acceptable since May, rather than the explicit
consent model they’ve currently implemented. There’s a climbdown there, but only insofar as they’re now going to be doing what they told people the minimum they had to do was, instead of more.
http://twitter.com/cgrainger Carl Grainger

priceless!
http://www.facebook.com/profile.php?id=523169610 Sam Jarvis

It was painfully obvious this law wouldn’t hold in it’s proposed form. These organisations cannot logistically propose laws which will benefit the user.
http://www.facebook.com/kevfquinn Kevin Quinn

The underlying problems still exist of course – that as a user you have no
effective control over what information is tracked, who gets access to
it, and what it’s used for.
sam

You are very good author of legal articles, I wish you to write something to the section of prison legal news on Attorney Online. You and your friends who provide legal services also can submit contacts to Attorney directory and post to Attorney Blog. By the way I also can write something to your legal blog. Contact me please.
http://twitter.com/DavidLakins David Lakins

Great infographic – very tongue in cheek – like it. Cookie Law is dead and buried now – we hope ;0)
Pingback: Frank Carver's Punch Barrel / The stupid cookie law is dead at last
Johnson

The ICO has not changed their guidance. And, more importantly, the EU legislation has not been changed, nor has it been tested in court. It is premature and simplistic to claim it’s dead. And your ageism re “octogenarians” does nothing to help make your point.
http://twitter.com/toodlepip Sam Michel

Love the infographic, we’ve blogged it as part of our follow up on the original Cookiepocalypse – 90% drop in website traffic if the law was implemented stricly – on Chinwag – http://chinwag.com/blogs/sam-michel/war-cookies-over-cookiepocalypse-ends-infographic
Jake

Presumably the web developers are dancing in the streets while on the way to the bank with their latest haul of cash
Richard King

It was a stupid law that should never have been implemented in the first place, bloody ridiculous and I live in the UK..
Renato Aquilino Pujol

Congratulations for the infographics. As we use to say “a picture tells more than one thousand words”.
http://twitter.com/reviewscouk Reviews.co.uk

Nice infographic, stupid law.
Squarefish Inc.

I must say that this article made my day. Good job on the infographics as well.
Pitchy

Taping music from the radio – What decade are you living in
http://nitw.it/ George

lovely…
http://www.bigredrocket.co.uk/ Richard Hartley

I was so pleased when the great cookie mess was finally over. What a waste of time and money. Yet again the European bureaucrats not thinking things through to their conclusion and seemingly not taking any advice of those who actually work in the digital marketing industries. Rant over. Great article and the infographics are a cool. Has anyone cracked the cookie crumbling joke yet. Nope, just me again.
http://www.biztechconsultancy.com/php-development-india.htm php development india

I like your info-graphics and must says that, you had done such a hard work to made this info-graphics more impressive and better.

Silktide blog

Want more?

The stupid cookie law is dead at last

Test your website with

Want more?