Are Cookies going Wooky?

Oh noooooooooooooooooo! They’re going to regulate COOKIES!

Just in case you are one of those who is blissfully unaware, Cookie Day is 25th May 2011. This is the day by which those terrible terrible terrible people sitting in Europe </sarcasm> have decreed that us here in Blighty must have done something about cookies.

Reading some of the reports doing the rounds, you would think the Tech Sky was about to fall in.

So, is it? Nah. No. Nei. Non. Nein (insert other European language words for no here). Based on the evidence so far, nothing much is going to change, and not by 25th May.

Yes, I DO know what TechCrunch have said (amongst others) but lets calm those jerking knees and take a little stroll through what Europe, The Big Bad Government and the Information Commissioner have said and are saying shall we? It’s okay, I’ll hold your hand on the way.

Back in late 2009 some people in Brussles passed a Directive known as 2009/136.  It amends various other Directives, and can be read here. It basically says that after Cookie Day, consent is required for the use of cookies.

The Big Bad Government, perhaps being a bit busy with other things, seemingly forgot about Directive 2009/136 (well, they did a consultation, which I do presume all those currently screaming actually responded to).

It is possible that it was gentle prodding by the ICO which woke up Ed Vaizey, the Minister for Culture, Communications and the Creative Industries, and the Chappy in Charge of Cookies.  Uncle Ed happens to like the interwebs, and, in breaking news, recognises that this directive could be a Very Bad Thing. He says:

“Revisions to the e-Privacy Directive will provide consumers with more choice and control over their internet experience. But at the same time we need to make sure these changes do not make using the internet more difficult.”

While he is figuring out how to ensure Cookie Law does not make using the internet more difficult, Uncle Ed has told the Growling Rottweiler Information Commissioner to do… nothing right now. Well, nothing in terms of enforcement, anyway:

“We recognise that work will not be complete by the implementation deadline. The government is clear that it will take time for meaningful solutions to be developed, evaluated and rolled out.

We recognise this could cause uncertainty for businesses and consumers. Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.”

Turning to Christopher Graham, the Information Commissioner and effectively the Deputy Chappy in Charge of Cookies, well, the BBC reports here that he has been attempting to show his teeth by saying that the lack of regulations should not be seen as a “get out of jail free card”.  He does however, acknowledge that the lack of regulations means that he “cannot bark at the industry at the moment”.

With the greatest of respect to the the Deputy, bless him, he will find it somewhat difficult to go barking at an industry that the Government has publicly told him to leave alone, regulations or not.

Still with me? Oh good. This is where our path gets a little bit pebbly, so carry on holding tight.

The BBC reports that “early work by the ICO suggests that gathering consent by changing settings on browsers may not be sophisticated enough for the demands of the directive“.  Far be it for little ol’ me to question the research methods of the BBC, but well, the ICO put out a wee press release only yesterday which says quite clearly:

“One option being considered is to allow consent to the use of cookies to be given via browser settings”

Not only that, but paragraph 66 of the Directive itself says:

“…the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application.”

Now I don’t know about you, but I take those two quotes to say that if a visitor has set their browser to allow cookies then, erm, that should be enough.

Finally, and again drawn from the BBC report above, the Deputy in Charge of Cookies has apparently also said that:

“The response to complaints about firms that flout the directive will be viewed in light of what they have done to prepare for it.”

Now forgive me, and I in no way mean to be well, mean to the Deputy, but given that he publicly accepts there are no regulations yet, and that he has publicly said in his own press release that the ICO are looking at browser settings as indicating consent, what exactly is he expecting firms to do to prepare? Frankly if he came knocking on my door with a complaint, I’d give him a custard cream to munch and a copy of his own press release to mull over. That isn’t legal advice, by the way. Speaking of which, my disclaimer is on the About page.