So the enforcement of the EU cookie law has been put back 12 months, if for no other reason than almost everyone is struggling to find a sensible way to actually implement the thing. In the meantime, the only people I can see this hurting are in the public sector, because the private sector can afford to be fined.
I understand the logic behind the law, even if it is flawed. The amount of behaviour tracking that can be gleaned from a cookie – especially if it spans across multiple sites – is quite scary. I only looked at a bike rack on the Halfords site the other day, and now my life is filled with the things. But to then make the arbitrary decision that all cookies are bad* is just technically naïve.
Firstly, almost every website in the world functions on cookies in one way or another; most web servers use them out of the box and you don’t even realise it. From load balancing sites across multiple servers to keeping track of how long someone has been stuck trying to do something, cookies have become incredibly useful.
By trying to get every website to ask for cookies, the EU are doing a number of things:
- Making the web naff. For everyone – because what I wanted was more popups, checkboxes, and T&Cs
- Punishing the public sector only.
Punishing the public sector
Here’s a scenario – A fine for cookie violations by the ICO will be in the low thousands.
The public sector will run a mile from being fined by the ICO, not because of the money but because of the internal investigation that will suck your life once you are fined.
The private sector: My guess is a fine of a few grand is worth the marketing insight the cookies bring. They will collect as much data as is economically viable when compared to the fine.
So really all we are doing here is sucking yet more life out of public sector services online – because they will be the ones with the annoying messages.
* I know – system cookies are OK, but that has a very strict definition according to the ICO