Want to avoid another cookie law mess? Talk to EU bods next time
'Dear ICO, sue us ... We're sick of you and this ridiculous cookie law'
UK businesses should actively involve themselves in the debate over changes to EU law if they want to avoid problems stemming from the way those laws are drafted, an expert has advised.
Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses can help law makers avoid putting "burdensome" requirements on them if they make their views on plans to reform EU law heard.
Scanlon was commenting after a UK software firm stripped its websites of "cookies solutions" and called on the UK's Information Commissioner's Office (ICO) to "sue" it for non-compliance with the Privacy and Electronic Communications Regulations (PECR). Silktide created a dedicated website promoting its non-compliance where it announced that it was "sick" of the ICO and "the ridiculous cookie law".
Cookies are small text files that record internet users' online activity. In 2009, the EU's Privacy and Electronic Communications (e-Privacy) Directive was changed to state that storing and accessing information on users' computers would only be lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information ... about the purposes of the processing".
Consent must be "freely given, specific and informed". An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – for example, to take the user of an online shop from a product page to a checkout.
The EU laws were implemented in the UK through amendments to PECR last year and the ICO was tasked with enforcing the new law and handed the power to fine those that failed to comply up to £500,000.
However, website operators have bemoaned the lack of a single practical solution that meets the standards for compliance but which is also easy to implement and results in an unobtrusive browsing experience for internet users. The ICO has issued guidance outlining a number of solutions website operators can implement to comply with the cookie consent requirements.
Silktide, though, said that although it had "tried" to comply with the law doing so had been a "tragic waste of time". It described the law as appearing to be "nothing but hot air".
"Dear ICO, sue us," the message on the Silktide-operated nocookieslaw.com website reads. "We're sick of you and this ridiculous cookie law. So here's an ultimatum. We've taken all our cookies solutions off all our websites. The evil cookies are back, and the pointless slidey warning messages are no more. We tried. We even wrote an open source solution to the cookie law used by 5,000 sites. But the truth is it's a tragic waste of time."
"Presumably we now fly in the face of the law you are sworn to uphold. Please, please do your worst. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters," the company said. "The idea of this law is a noble one, it's just a shame it was drafted by a team of technically illiterate octogenarians who couldn't find a button on a mouse."
Luke Scanlon said that the most interesting thing on the nocookieslaw site had been comments posted by users.
"The comments indicate that there continues to be a real lack of understanding of how laws are made in the UK and what powers regulators and even the UK Government possess," he said. "The cookie law is an EU imposed requirement. Neither the UK Government nor the ICO have any power to ignore or change it on their own, however burdensome it may be, so long as the UK remains in the EU and chooses to honour its commitments as an EU member state. It is interesting that the users, who seem to be web designers, web developers and digital consultants appear to be largely ignorant to this fact."
"It really is a reminder that businesses need to pay more attention to the development of EU laws at the negotiation stage rather than after the fact. The proposed data protection regulation which will have a greater impact in terms of compliance costs and consequences is a pertinent example," Scanlon said.
"Businesses should be engaging in preventative legal care now by seeking to influence policy and ensuring that the UK's EU representatives are provided with focused empirical economic evidence which builds a case for regulation that supports rather than hinders the interests of UK businesses and the wider economy," the expert added.
A review of the cookies laws due to be published by the ICO in November will feature nocookieslaw, a spokesman for the watchdog said, according to a report by the BBC.
"We welcome any opportunity to help us draw attention to this matter, as a key part of our work in ensuring compliance with the cookie law has been making businesses aware of the regulations," the ICO spokesman said.
Copyright © 2012, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.
Sponsored: Global DDoS threat landscape report