How the UK Cookie Law is Affecting Us

If you are a regular visitor here, you may have noticed that a few of the familiar bells and whistles have now been removed from the site. I thought I would make a quick post to let you know what’s going on at the moment.

Basically, it is all because of the new UK Cookie Law. Some time ago, the EU issued a directive to the effect that information should not be recorded using cookies without the express consent of the user.

Sounds fair enough, in principle, doesn’t it? But it is an example of a well-meant piece of legislation that is ill thought out and, in practice, it has caused us some major headaches.

Most countries in the EU have not yet acted upon this directive and introduced a law, but the UK did this one year ago. Many webmasters, in my experience, are still unaware that they are already breaking the UK law every time their site sets a non-essential cookie without the consent of the visitor and that’s because there has been very little in the way of official communication about the matter.

Websites have until May 26th 2012 to comply with this new law – the UK government decided upon one year’s grace – or they face the prospect of legal action. There are some webmasters who are essentially ignoring the law because it truly is, in this case, being an ass. However, they are potentially skating on very thin ice by so doing. Official reports say that site owners could be fined up to half a million pounds sterling for failing to comply.

There is a lot of misinformation with regard to the Cookie Law all over the web at the moment. There are people suggesting that moving your hosting to a company outside the UK would solve the problem for example. Would that were the case – my hosting is provided by a company based in Canada – but sadly it isn’t. There are people who think that if their company is based outside the UK, they are unaffected; again that’s wrong. They may be beyond the jurisdiction of the UK law, but they are still breaking it every time they set a cookie for a UK visitor without obtaining consent.

Here at White Dove Books we are doing our best to comply with the law before the deadline, but it is not an easy matter for reasons I explained in my open letter to David Cameron. Nevertheless, despite the implications of complying with this law, we are resolved to do so.

Here is how we use cookies at this site:

– To remember which affiliate has referred a visitor
– To remember the preferences of our visitors

The first reason is so that we can pay an affiliate a commission if a referred visitor subsequently makes a purchase. To do that, we need to track which visitor was referred by each affiliate. The standard mechanism, used all over the web, is by setting a cookie. The only information contained in the cookie is the referring affiliate’s ID.

The second reason we set a cookie is to remember visitor’s preferences. If a visitor presses the ‘X’ button to scroll the sign-up box on the blog, up or down, for example. The next time the visitor comes to the site, the cookie that was set when they made that choice is read so that the screen can be displayed how the user wanted it.

As you can see, there is nothing unusual about these things. However, the standard method of achieving the above (using cookies) is now illegal unless the website expressly asks for permission first. So we now face the ridiculousness of websites setting off a pop-up to ask for that permission every time a user lands and they won’t be able to get rid of that pop-up unless they say ‘yes’ to the question about accepting cookies because – irony of ironies – the website will not be able to remember whether or not you are prepared to accept cookies unless it actually sets one!

Well, as they say in technical circles {/rant-off} – it’s a bit of a geeky joke, but if you got down this far, you are probably one of the affected.

So what we have done so far is the following:

We have removed our pop-up which invited people (just once) to join the Newsletter. Instead, we have created a login to allow people access to our free books section. Of course, this mechanism uses a cookie, but the setting of it is now deemed essential to provide a service requested by the user. If you are a regular visitor, you will now have to login to access the free books section. You can do this by using the name and email address you used when you joined the Newsletter and, of course, if you haven’t already joined, now is a good time to do so.

We have removed the Wibiya bar from the bottom of the blog. This set a cookie to remember whether the user had chosen to minimise it or not. We have removed the flying windows that were on the left and right sides of the blog for the same reason. We have removed the slide-down Newsletter form that was on the blog, again because it used a cookie to remember which position the user had chosen to leave it in. We also removed the ‘Addthis’ (Share) buttons from the site because, you guessed it, they used a cookie.

We are still not done because we have not yet fully addressed the affiliate referral cookie. This is again going to be problematic. It means a complete rethink of our referral mechanism. We have a partial solution that involves asking the user whether or not they are prepared to accept cookies, as they land at the site, and we may be forced to implement that. We don’t want to do it because we think that affiliates would inevitably lose some commissions if we were to go this way. Whatever the solution eventually looks like, it is sure to involve a shake-up of our affiliate program.

In addition, we have the Statcounter cookie to consider. This is technically known as a third party cookie i.e. it is not set by our site – it is set by the Statcounter server – but it is set when a user visits our site. This is one way we get information about visitor stats. I am completely open to simply removing the Statcounter code. The only problem is that it is on thousands of pages so removing it is a lot easier said than done.

We also have companies such as Google and ClickBank, with whom we have dealings, and both companies use cookies for tracking purposes. These are large organisations with a global presence who we would expect to produce solutions should their use of cookies be in breach of the UK law. It has surprised me that, at least to my knowledge, whilst there is a lot of speculation on the web as to the official stance, there has been no official statement from either company.

We contacted ClickBank directly and were subsequently informed that the new law did not affect their company. Because I was surprised, and I also thought that the support person in question may not have really understood the full implications of the requirements of the law, I asked her to double-check. She again contacted me to say that the question had been referred to their legal department who had confirmed they (ClickBank) were not affected.

So there you go; that’s my progress report. As I have said previously, the law is flawed. Attempting to hold website owners accountable for the widespread lack of understanding about what cookies are and whether or not to accept them is entirely the wrong approach. All existing browsers have the ability to block cookies. What is really needed is an adjustment in the way that browsers display and operate these setting to simply and elegantly comply with the requirements of the law, not a mandate for webmasters to cobble together solutions that effectively cripple the functionality of their websites.

Leave a Reply