Feeds

Want to avoid another cookie law mess? Talk to EU bods next time

'Dear ICO, sue us ... We're sick of you and this ridiculous cookie law'

New hybrid storage solutions

UK businesses should actively involve themselves in the debate over changes to EU law if they want to avoid problems stemming from the way those laws are drafted, an expert has advised.

Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses can help law makers avoid putting "burdensome" requirements on them if they make their views on plans to reform EU law heard.

Scanlon was commenting after a UK software firm stripped its websites of "cookies solutions" and called on the UK's Information Commissioner's Office (ICO) to "sue" it for non-compliance with the Privacy and Electronic Communications Regulations (PECR). Silktide created a dedicated website promoting its non-compliance where it announced that it was "sick" of the ICO and "the ridiculous cookie law".

Cookies are small text files that record internet users' online activity. In 2009, the EU's Privacy and Electronic Communications (e-Privacy) Directive was changed to state that storing and accessing information on users' computers would only be lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information ... about the purposes of the processing".

Consent must be "freely given, specific and informed". An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – for example, to take the user of an online shop from a product page to a checkout.

The EU laws were implemented in the UK through amendments to PECR last year and the ICO was tasked with enforcing the new law and handed the power to fine those that failed to comply up to £500,000.

However, website operators have bemoaned the lack of a single practical solution that meets the standards for compliance but which is also easy to implement and results in an unobtrusive browsing experience for internet users. The ICO has issued guidance outlining a number of solutions website operators can implement to comply with the cookie consent requirements.

Silktide, though, said that although it had "tried" to comply with the law doing so had been a "tragic waste of time". It described the law as appearing to be "nothing but hot air".

"Dear ICO, sue us," the message on the Silktide-operated nocookieslaw.com website reads. "We're sick of you and this ridiculous cookie law. So here's an ultimatum. We've taken all our cookies solutions off all our websites. The evil cookies are back, and the pointless slidey warning messages are no more. We tried. We even wrote an open source solution to the cookie law used by 5,000 sites. But the truth is it's a tragic waste of time."

"Presumably we now fly in the face of the law you are sworn to uphold. Please, please do your worst. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters," the company said. "The idea of this law is a noble one, it's just a shame it was drafted by a team of technically illiterate octogenarians who couldn't find a button on a mouse."

Luke Scanlon said that the most interesting thing on the nocookieslaw site had been comments posted by users.

"The comments indicate that there continues to be a real lack of understanding of how laws are made in the UK and what powers regulators and even the UK Government possess," he said. "The cookie law is an EU imposed requirement. Neither the UK Government nor the ICO have any power to ignore or change it on their own, however burdensome it may be, so long as the UK remains in the EU and chooses to honour its commitments as an EU member state. It is interesting that the users, who seem to be web designers, web developers and digital consultants appear to be largely ignorant to this fact."

"It really is a reminder that businesses need to pay more attention to the development of EU laws at the negotiation stage rather than after the fact. The proposed data protection regulation which will have a greater impact in terms of compliance costs and consequences is a pertinent example," Scanlon said.

"Businesses should be engaging in preventative legal care now by seeking to influence policy and ensuring that the UK's EU representatives are provided with focused empirical economic evidence which builds a case for regulation that supports rather than hinders the interests of UK businesses and the wider economy," the expert added.

A review of the cookies laws due to be published by the ICO in November will feature nocookieslaw, a spokesman for the watchdog said, according to a report by the BBC.

"We welcome any opportunity to help us draw attention to this matter, as a key part of our work in ensuring compliance with the cookie law has been making businesses aware of the regulations," the ICO spokesman said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Security for virtualized datacentres

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.