EU Cookie Law

Posted on by | Leave a reply

You will have noticed by now that when first visiting this website, and many others, you see some kind of notice about the use of web cookies.

If you didn’t know already, cookies are just small text files on your computer that are accessed by the web browser.  They have various uses, but as they can be used to gather information about your web activities they are now subject to the EU e-Privacy Directive regulations. In the UK this is implemented by the Information Commissioner’s Office.

Personally I have a lot of reservations about all this. I’m not convinced it deals with underlying privacy issues on the web and the details for compliance  look pretty muddled – to say the least!  However, I’m not in any way a legal expert and whether we like it or not, all website owners have to do something about this issue.

Initially we got by with an enhanced Privacy & Security Policy and links to it from the menu of every page plus a large, very obvious banner link on the Home page and few others. This should provide compliance under the ‘Implied consent’ guideline, particularly as we don’t make heavy use of cookies on this site. However I came to the conclusion that given the confusion around these guidelines, plus potential differences in the implementation of the rules and definitions by various countries, it would be safer to have an ‘explicit consent’ method.

So this involved some form of pop-up question on the first visit to the website, then remembering the answer so that the pop-up did not appear on future visits. I looked at a number of free scripts to achieve this, but eventually settled on a free piece of JavaScript by Scott Herbert (http://code.google.com/p/cookie-warning/) which I modified to suit the needs of the Deeproot site. This WordPress blog needed a slightly different solution, so uses the cookie-warning plugin by MAJ Consultancy, which is coincidentally derived from the same script.

I apologise for any annoyance that the pop-up may cause, but for most people it will only happen once!  Remembering the answer involves using a cookie to record it, which I think is somewhat ironic! For those users who clear their cookies at every session and therefore get the pop-up question every time they visit – I’m really, really sorry!! (but note that our site will still work if you have cookies switched off entirely – and no pop-up)

Although some of the other solutions produce slick-looking, attractive and perhaps less obtrusive implementations, Scott’s script has a number advantages – it is very lightweight, uses no off-site resources and is very simple to implement and customise.  I could not see the point of having a fancy graphical effect that most visitors would only see once, but a greater overhead carried by all pages forever!

 

If you are a website owner/author and interested in the cookie warning script, here are the changes I made:-

  • Added a function to test if cookies are enabled in the browser. This stops the pop-up showing if cookies are not allowed anyway.
  • Added “path=/” when the cookie is saved, so that pages in sub-directories use the same one.
  • Added a 3rd button to the pop-up which links to the Privacy & Security page (no cookies set for this!)
  • Changed the greyed-out background to ‘position:fixed’ so it cannot be scrolled.
  • Cosmetic changes to the pop-up div.

 

Leave a reply