As of midnight on 26 May 2011, The European privacy law came into force requiring websites within the European Union (EU) to obtain a visitor’s consent to install a cookie in their browser. The law contains lots of other (not very) interesting stuff, but I’ll pick at this thread for a bit and see what unravels.
Have a look at this page: http://www.ico.gov.uk/. See that banner at the top asking for your permission to set a cookie? That’s quite a big deal. If you accept the cookie, the site will work. If you don’t accept the cookie (or multiple cookies) the site will probably break and not work properly for you.
In the US, there exists no need to ask about this, so there’s an immediate advantage. US websites can assume that IF a user is accepting cookies automatically (check your browser settings folks), then the visitor is happy to view a perfectly working site. In the EU though, that’s not allowed. The EU sites must ask your permission and get you to decide whether to view a broken, or working website. Hmmm, not much of a question really is it?
Cookies are generally used by the good guys to remember things about your visit to a website – your preferences, or maybe where you got to in a form, what you last looked at in an online store – etc. The bad guys can use them for all manner of things but I’m not going down that road today.
Is it a self-perpetuating red-tape machine made simply to keep bureaucrats in a job? Well, frankly, yes. Here’s a kicker though – the same people who agreed to the law are now breaking it. Only two of the 27 member states of the EU have coughed up and enacted the new legislation as part of their own national laws. Good for you Estonia and Denmark! The rest? Meh, maybe do it in another 12 months, or have ignored it altogether. We know the UK government has promised to not bother webmasters over this move for 12 months. Maybe they’re hoping that the law gets changed because it’s unworkable and gives advantage to pretty much everywhere else in the world.
A few quick questions spring to mind though -
Who came up with this?
Some EU parliament guy who had to explain some embarrassing cookies from “Adult Themed Websites” to their dear partner? Probably.
Does the site have to be hosted in the EU for this to apply?
Dunno. No answer.
What about “Cloud Based” content?
I’m assuming that those servers in the EU serving your nice streaming videos will need to ask for your permission to set a cookie, but those of us watching the same vid from California will not be asked.
So, a terrible idea, poorly executed. Way to go Europe!
PS – I’m not a lawyer so don’t rely on my thoughts, but I’d be interested in hearing yours!