Feeds

Want to avoid another cookie law mess? Talk to EU bods next time

'Dear ICO, sue us ... We're sick of you and this ridiculous cookie law'

SANS - Survey on application security programs

UK businesses should actively involve themselves in the debate over changes to EU law if they want to avoid problems stemming from the way those laws are drafted, an expert has advised.

Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses can help law makers avoid putting "burdensome" requirements on them if they make their views on plans to reform EU law heard.

Scanlon was commenting after a UK software firm stripped its websites of "cookies solutions" and called on the UK's Information Commissioner's Office (ICO) to "sue" it for non-compliance with the Privacy and Electronic Communications Regulations (PECR). Silktide created a dedicated website promoting its non-compliance where it announced that it was "sick" of the ICO and "the ridiculous cookie law".

Cookies are small text files that record internet users' online activity. In 2009, the EU's Privacy and Electronic Communications (e-Privacy) Directive was changed to state that storing and accessing information on users' computers would only be lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information ... about the purposes of the processing".

Consent must be "freely given, specific and informed". An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – for example, to take the user of an online shop from a product page to a checkout.

The EU laws were implemented in the UK through amendments to PECR last year and the ICO was tasked with enforcing the new law and handed the power to fine those that failed to comply up to £500,000.

However, website operators have bemoaned the lack of a single practical solution that meets the standards for compliance but which is also easy to implement and results in an unobtrusive browsing experience for internet users. The ICO has issued guidance outlining a number of solutions website operators can implement to comply with the cookie consent requirements.

Silktide, though, said that although it had "tried" to comply with the law doing so had been a "tragic waste of time". It described the law as appearing to be "nothing but hot air".

"Dear ICO, sue us," the message on the Silktide-operated nocookieslaw.com website reads. "We're sick of you and this ridiculous cookie law. So here's an ultimatum. We've taken all our cookies solutions off all our websites. The evil cookies are back, and the pointless slidey warning messages are no more. We tried. We even wrote an open source solution to the cookie law used by 5,000 sites. But the truth is it's a tragic waste of time."

"Presumably we now fly in the face of the law you are sworn to uphold. Please, please do your worst. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters," the company said. "The idea of this law is a noble one, it's just a shame it was drafted by a team of technically illiterate octogenarians who couldn't find a button on a mouse."

Luke Scanlon said that the most interesting thing on the nocookieslaw site had been comments posted by users.

"The comments indicate that there continues to be a real lack of understanding of how laws are made in the UK and what powers regulators and even the UK Government possess," he said. "The cookie law is an EU imposed requirement. Neither the UK Government nor the ICO have any power to ignore or change it on their own, however burdensome it may be, so long as the UK remains in the EU and chooses to honour its commitments as an EU member state. It is interesting that the users, who seem to be web designers, web developers and digital consultants appear to be largely ignorant to this fact."

"It really is a reminder that businesses need to pay more attention to the development of EU laws at the negotiation stage rather than after the fact. The proposed data protection regulation which will have a greater impact in terms of compliance costs and consequences is a pertinent example," Scanlon said.

"Businesses should be engaging in preventative legal care now by seeking to influence policy and ensuring that the UK's EU representatives are provided with focused empirical economic evidence which builds a case for regulation that supports rather than hinders the interests of UK businesses and the wider economy," the expert added.

A review of the cookies laws due to be published by the ICO in November will feature nocookieslaw, a spokesman for the watchdog said, according to a report by the BBC.

"We welcome any opportunity to help us draw attention to this matter, as a key part of our work in ensuring compliance with the cookie law has been making businesses aware of the regulations," the ICO spokesman said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.