To: Mr David Cameron, PM
Fr: Will Edwards
Dear Mr Cameron,
The new UK Cookie Law that came onto the statute books back in May last year, as a result of an EU directive, is giving us a quite a headache at the moment. Though we are beginning to see a possible way forward, it will be a painful process because there will be a lot of work we will need to do to conform to the letter of the law and in addition, certain changes that may be forced upon us could seriously affect our business.
Our site, apart from the Blog, was originally created using Microsoft’s Frontpage and, later, Expressions Web. I am not a fan of either piece of software but, back in the early days of the web, the great CMS tools such as WordPress, Joomla and Drupal were simply not available. The rendered page looks great but the Microsoft products create just about the worst looking HTML you could possibly imagine.
So part of the difficulty we face, in conforming to this new law, is that we have thousands of pages of static HTML created by those programs and no real way of introducing a popup for every static page without manually editing every one of them. As you may be aware, the ICO seem to be suggesting the use of a pop-up (or slide down accordion) to inform visitors about cookie activity as a way of notifying users and obtaining consent.
Looking at the Blog, the problem is much easier to solve. There is a WordPress plugin that will do the job for us. We have tested it and it already looks quite promising. It would not surprise me if several more of these plugins become available before the May 2012 deadline by which UK sites will need to conform to this law.
Provided we can import the static pages into the WordPress CMS, that would give us a huge part of the solution. That’s easier said than done, of course, with thousands of pages of HTML to be tackled separately, but in principle, it is doable. However, there are additional technical difficulties to overcome. For example, we want the new pages created via WordPress to retain their old static urls so that external links will be retained and the site will not suffer in terms of search engine rankings. We are looking at a number of additional plugins that might be able to handle this.
The above should enable us to get the site to conform to this new law, but that’s not the end of the matter by far. We have two other things we need to consider. Firstly, 3rd party cookies i.e. cookies set by external sites like Google and ClickBank. I notice that today Google has changed its Terms of Service and I have not yet had time to fully digest the new terms, but the changes do seem to be in this area i.e. addressing privacy issues. We have already written to ClickBank to ask what they intend to do in response to this new law.
Secondly, our own 3rd party cookies that are set when someone from an external site refers a visitor to our site. This enables a referring affiliate to earn a commission if the referred user purchases one of our products. This is a bit more of a grey area because provided the referring site also conforms to the new law, there should be no problem. But, in a sense, that is the problem because we have no way of ensuring that a referring site will conform.
The above almost certainly means we will have to completely change the way our affiliate program works. At worst, this could even spell the end of our involvement with ClickBank if they cannot solve the problem of getting user consent when they refer a UK visitor to another site via a cookie. We simply don’t yet have the solution for this difficulty.
This new UK law, like the recent SOPA bill that is going through the US Congress, is another example of a well-meaning piece of legislation that has gone seriously wrong. The EU could be responsible for putting a lot of people out of business by attempting to tackle the serious problem of personal privacy in entirely the wrong way.
The right way of tackling the problem, in my opinion, is at the level of the browser; not at the website. All browsers already have the facility to allow users to turn on/off cookie activity. If the EU insists on requiring the internet to conform to the principle that cookies should not be set without user consent, then browsers should be designed to better facilitate that requirement.
Browser software providers not only have the financial resources to tackle the issue, but a solution at the level of the browser is far simpler and much more elegant. Why force hundreds of millions of websites to make sweeping changes and, in the process, cause major disruption to their businesses when the EU requirement could be quite easily facilitated by getting only a handful of large organisations to rewrite their software?
Here’s how it could be done. When a user visits a site that wants to set a cookie, the browser could quite easily manage a pop-up saying what the cookie is and what it is used for and, at the same time, give the user the option to accept or reject the cookie. In addition, the browser could quite easily have a couple of buttons, prominently displayed, that turn on and off this same behaviour, so if the user decides they do not wish to be constantly irritated by these pop-ups that the EU wants displayed, they can simply turn them off permanently.
Instead of repealing this ridiculous law and working to produce new legislation that puts the onus where it should belong, the UK government seems to want to fine website owners up to half a million pounds sterling for failing to comply with a law that is ill thought out. The above suggestion is a simple and workable solution that would not interfere with the hundreds of millions of website businesses which may now be unwittingly breaking the UK law every time a visitor from the UK lands on their site.
I hope you will find time in your busy schedule to reconsider this matter.
Founder: White Dove Books