Are you ready for the EU cookie directive?

If you do not live within the borders of the European Union, then this post is not really going to be of much interest to you.  Otherwise, you might well be asking yourselves what the “EU cookie directive” is.

It has been discussed on the blogosphere, well the European part of it, for some time.  But with the directive coming into force in just a couple of weeks, the subject has now made it into the news and quite possibly needs to be dealt with.

So what’s all the fuss about?

Well, until now it has usually been sufficient to inform your website visitors that you, your advertisers and affiliates, use cookies.  This has usually been done a page called “privacy information”, or in my case in Germany in the “Impressum”.

If your visitor then did not want you to place cookies in their browser, they just turned the relevant browser setting on/off to block them.

Simple?  The EU does not think so, and says that we must be more open about the cookies we are storing and not rely on the poor readers to kn0w how to change their browser settings.

So they came up with EU directive 2009/136/EC which basically says that you have to ask permission to store a cookie on a visitor’s computer.

Yes, you read correctly.  You have to ask permission before you can store a cookie, although I am not quite sure what to do if someone denies you that permission.  You can hardly store it in a cookie, can you?!

(Readers in the U.S. are probably thinking by now, that the FTC rules aren’t so bad after all…)

The problem with the EU directive is, that it is up to each national government to transfer the rules into their national laws, and they have until 25th May to do so.  The United Kingdom appears to be most advanced on this, and has even issued guidelines to companies on how to cope with the new rules.  Germany has reminded companies that they must comply, but not really told them how to.

The whole thing is a bit of a mess, and there are so many rumours flying around as to which cookies are covered and which are exempt.

Some pieces of advice are quite unhelpful, such as “move your company/server out of the EU”.

Others claim that cookies that are absolutely necessary for the running of the website, eg. for a shopping cart, are exempt.

However the general consensus is that cookies that do any form of tracking are going to need permission, and so it is that systems like Google Analytics are no longer just a problem for bloggers in Germany, but in the entire European Union.  And since you cannot just use a privacy policy and rely on browser settings with the new directive, the question may be whether analytical software is absolutely necessary for the site to work.  I suspect that most of the time it is not.

So the real question is going to be: how do we ask our users for consent to store cookies in their browsers and on their computers?

I suspect that the more cautious websites are going to be using pop-ups or even landing pages to resolve the problem.  If that happens, then – as one person put it – visiting EU-based websites may become as annoying as working with Windows Vista.  I wonder how many visitors will just leave a site rather than “risk” accepting cookies, meaning that the directive will have a direct impact on bloggers’ incomes.

Others sites may choose to ride out the storm and see what happens when the directive takes effect.

I am undecided and am interested to hear what others think.  We have already been discussing this in the Beyond Blogging Project for the past few days, so either join me there or leave a comment here.

If it all comes to the worst, then expect to see this sort of warning on my sites in future:

A preview of with the cookie warning in place

About Graham Tappenden

Graham Tappenden is a blogger from Germany. He has written code for WordPress themes since 2006 and been creating websites since 1994.
This entry was posted in News and tagged , , , , , . Bookmark the permalink.

2 Responses to Are you ready for the EU cookie directive?

  1. grahunt says:

     I suspect most people will ignore it and it will become a legal minefield with hundreds of test cases before being quietly dropped as totally unworkable

  2. Jaz says:

    I think the average user in the EU will at first be scared, and not sure whether to click to accept cookies, or not, and once they are more used to sites having to ask permission for cookies, the user will end up blindly clicking accept on things, without fully reading what they are accepting. Cue new forms of exploiting the end user into downloading malicious software, etc.

Leave a Reply

Your email address will not be published. Required fields are marked *