When visiting a website for the first time, you’ll likely be presented with a (somewhat intrusive) banner or pop-up about cookies.
“Cookies” in this regard are sadly not the delicious chocolate-chip laden baked goods that we all love 🍪. (If only they were, I’d be more than happy to accept these when visiting a website!)
Rather, “Cookies” are a means by which a website can store a small amount of data in your web browser.
These could be used, for example, to personalize your experience whilst browsing a website. Cookies also allow you to remain logged in to a website for the next time you visit. They can also be used to allow websites to track your visit to their website, including what actions you perform and how long its been since your last visit.
Now, Cookies aren’t a new technology. In fact, they’ve been around for just about as long as web browsers themselves. For years, cookies didn’t cause much concern to web users.
Slowly as people became more familiar with what cookies were, some started to raise concerns that they were violating their privacy by tracking their online behavior, or storing data on their computer without their consent.
Long story short, the end result was the now infamous “EU Cookie Directive“. This was adopted by all EU countries in May 2011.
The EU Cookie Directive
This directive put a legal onus on webmasters to ensure that all visitors to their site coming from EU countries were clearly informed about the use of cookies on the site they were browsing, and given a choice to opt-out of the website storing any cookies in their browser.
This was pretty absurd and indeed unworkable; To only show a cookie banner/pop-up/prompt upon a visitor’s first visit to a website, but not every time the same visitor subsequently visited, a cookie had to be set in the visitors browser!
Also, for e-commerce sites, cookies may be essential to maintain what’s in a customer’s online basket. So exceptions to the directive were made for cookies that a website owner considers “essential”.
Here’s a summary of the guidance from the ICO:
You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent must be actively and clearly given.
There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).
The same rules also apply if you use any other type of technology to store or gain access to information on someone’s device.
Information Commissioner’s Office
Redundant?
Not only are cookie banners/pop-ups/prompts annoying and frustrating to many (myself included!), they’ve always been redundant anyway! That’s because all browsers provide a way to disable cookies in the browser itself.
If a user didn’t want to allow cookies, they could set this in their browser. Therefore, there’s really then no need for every new website they visit to also prompt them about cookies!
In addition, there are also a wealth of tracking and ad blocker extensions available for all modern browsers that can be readily installed if a user has concerns over tracking/privacy.
So whilst the intention behind the EU Cookie Directive was well meaning – to educate people about cookies on websites and obtain their consent for them to be used – it’s implementation has been poor.
It simply frustrates users having to endlessly click “OK” or “Accept” buttons in banners, pop-ups, and prompts for every new website they visit.
That’s the way the cookie crumbles!
The good news emerging today though is that there may be an end in sight!
A new head of the UK’s data regulator, the ICO (Information Commissioner’s Office) has just been announced.
The new Information Commissioner, John Edwards, is currently New Zealand’s Privacy Commissioner. Mr Edwards has vowed a post-Brexit “shake up” of data rules, including getting rid of those annoying cookie banners and pop-ups!
The government’s shake-up of the Information Commissioner’s Office was announced alongside planned changes to data protection post-Brexit.
In an interview with The Telegraph newspaper (unfortunately this link is behind a paywall), the Government’s Digital Secretary, Oliver Dowden, said the plans include getting rid of “endless” cookie prompts.
Mr Dowden said reform of the UK’s data protection rules is “one of the big prizes of leaving” the EU.
He went on to say:
“There’s an awful lot of needless bureaucracy and box ticking and actually we should be looking at how we can focus on protecting people’s privacy but in as light a touch way as possible“.
The Rt Hon Oliver Dowden CBE MP
Let’s face it, we’re all frustrated by the constant need to click “accept” on cookie prompts every time we visit a new site. In fact, it’s one of my biggest web annoyances – so the possibility that we may soon be able to do away with cookie prompt nonsense is quite exciting news!
I for one am going to celebrate with some proper edible cookies! 🍪