A new law is coming into force next month that has big implications for any organisation that has a website – and that means you.
The law deals with cookies – those little snippets of code that download themselves and track user behaviour on a website.
From 26 May, every website will be required to inform its users that they are being tracked with cookies, and to ask users for their consent. Sites which do not comply with the new rules face fines of up to £500,000.
Does this affect your site? Almost certainly yes, as you will have them.
Cookies are what make the web go round – they remember your movements on a site, help you resume where you left off, remember your login, manage your shopping cart etc. They enable tracking of visitors for analytics – all in all, they are pretty essential elements of the web experience.
They are also used by advertisers, Google etc – as well as more unscrupulous people - to track user behaviour in order to sell them things.
If you’ve ever seen an advert pop up on an unrelated site for something you were searching for the day before – that’s tracking cookies in action.
A Cunning Plan
The law is designed to protect privacy – to allow people to opt out of this sort of tracking.
But, as Blackadder said, there is one tiny flaw in the plan – it’s bollocks.
Advertisers will find a million and one ways to track you without cookies – HTML5 web storage for example – and as so often around technology the law will miss its target and impact on – well, everyone who uses the web and doesn’t want that experience to be a PITA.
For charities, it means trouble.
They’ll say no, and your site won’t work anymore.
Not only that, they’ll say no – but because you can’t then track them, your site will have no way of knowing they said no, so will ask them again every time they go back to the site!
Quis custodiet ipsos custodes*
If you look at the site for the people who are enforcing this – the Information Commissioner’s Office – you’ll see two things.
Firstly – there is a horrible, confusing message about cookies at the top that no-one will understand. This may be one of the few times you ever see this on a site.
Secondly – and actually you won’t see this – they aren’t even following their own rules. Even if you don’t accept cookies, they are actually tracking you with a session cookie, which strictly speaking they shouldn’t. Why? Because they know the site won’t work if they don’t and the know the law is unworkable without substantial helpings of fudge.
The list of things wrong with this law would fill the rest of the internet, so I’ll drill down to what you can do about it.
I’m not going to recommend you ignore the law. But most people will.
Most people will adopt a wait-and-see attitude. The ICO know the law is unworkable – that’s why it was delayed for a year. With any luck, it will just go the way of other unworkable laws and die an unmourned death.
However, it is possible that that the ICO might want to enforce this and make an example of someone.
It’s just a hunch, but from a PR point of view I can’t imagine that someone being a charity, particularly a smaller one.
So, while I’m not going to tell you to break the law, all I would say is that if I was running a charity’s web presence, I’d wait a while to see how the land lies before potentially driving away a huge number of users, slashing online donation and losing the ability to track KPI on my site.
*this is Latin for “not even those responsible for it know what the hell you’re meant to do with this law”