Feeds

Want to avoid another cookie law mess? Talk to EU bods next time

'Dear ICO, sue us ... We're sick of you and this ridiculous cookie law'

The Essential Guide to IT Transformation

UK businesses should actively involve themselves in the debate over changes to EU law if they want to avoid problems stemming from the way those laws are drafted, an expert has advised.

Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses can help law makers avoid putting "burdensome" requirements on them if they make their views on plans to reform EU law heard.

Scanlon was commenting after a UK software firm stripped its websites of "cookies solutions" and called on the UK's Information Commissioner's Office (ICO) to "sue" it for non-compliance with the Privacy and Electronic Communications Regulations (PECR). Silktide created a dedicated website promoting its non-compliance where it announced that it was "sick" of the ICO and "the ridiculous cookie law".

Cookies are small text files that record internet users' online activity. In 2009, the EU's Privacy and Electronic Communications (e-Privacy) Directive was changed to state that storing and accessing information on users' computers would only be lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information ... about the purposes of the processing".

Consent must be "freely given, specific and informed". An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – for example, to take the user of an online shop from a product page to a checkout.

The EU laws were implemented in the UK through amendments to PECR last year and the ICO was tasked with enforcing the new law and handed the power to fine those that failed to comply up to £500,000.

However, website operators have bemoaned the lack of a single practical solution that meets the standards for compliance but which is also easy to implement and results in an unobtrusive browsing experience for internet users. The ICO has issued guidance outlining a number of solutions website operators can implement to comply with the cookie consent requirements.

Silktide, though, said that although it had "tried" to comply with the law doing so had been a "tragic waste of time". It described the law as appearing to be "nothing but hot air".

"Dear ICO, sue us," the message on the Silktide-operated nocookieslaw.com website reads. "We're sick of you and this ridiculous cookie law. So here's an ultimatum. We've taken all our cookies solutions off all our websites. The evil cookies are back, and the pointless slidey warning messages are no more. We tried. We even wrote an open source solution to the cookie law used by 5,000 sites. But the truth is it's a tragic waste of time."

"Presumably we now fly in the face of the law you are sworn to uphold. Please, please do your worst. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters," the company said. "The idea of this law is a noble one, it's just a shame it was drafted by a team of technically illiterate octogenarians who couldn't find a button on a mouse."

Luke Scanlon said that the most interesting thing on the nocookieslaw site had been comments posted by users.

"The comments indicate that there continues to be a real lack of understanding of how laws are made in the UK and what powers regulators and even the UK Government possess," he said. "The cookie law is an EU imposed requirement. Neither the UK Government nor the ICO have any power to ignore or change it on their own, however burdensome it may be, so long as the UK remains in the EU and chooses to honour its commitments as an EU member state. It is interesting that the users, who seem to be web designers, web developers and digital consultants appear to be largely ignorant to this fact."

"It really is a reminder that businesses need to pay more attention to the development of EU laws at the negotiation stage rather than after the fact. The proposed data protection regulation which will have a greater impact in terms of compliance costs and consequences is a pertinent example," Scanlon said.

"Businesses should be engaging in preventative legal care now by seeking to influence policy and ensuring that the UK's EU representatives are provided with focused empirical economic evidence which builds a case for regulation that supports rather than hinders the interests of UK businesses and the wider economy," the expert added.

A review of the cookies laws due to be published by the ICO in November will feature nocookieslaw, a spokesman for the watchdog said, according to a report by the BBC.

"We welcome any opportunity to help us draw attention to this matter, as a key part of our work in ensuring compliance with the cookie law has been making businesses aware of the regulations," the ICO spokesman said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Build a business case: developing custom apps

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.