Proposed cookies law is an ass

catcookie “Breathtakingly stupid” are the words used by Struan Robertson, editor of, in a post describing a new law that demands consent to cookies that will be in force across the European Union within 18 months.

Cookies are small text files many websites automatically store on your computer that do things like remember your preferences on a website, let you log in on a next visit without having to enter your details again, etc – useful activities such as these.

So according to the post, what’s about to happen across the 27 member states in the EU is a law that requires any website owner to get a visitor’s permission for a cookie to be be stored on that visitor’s computer, or accessed from that computer, only if the visitor “has given his or her consent, having been provided with clear and comprehensive information.”

I guess this would includes bloggers like me, too, as you’ll have a cookie on your PC after a visit here if you’ve done things like left a comment and asked the site to remember you.

Robertson has some suggestions on how a consent process could work:

[…] You could seek consent with pop-ups, if you’re happy to ignore accessibility guidelines that discourage pop-ups – though users’ browsers may block pop-ups by default, which risks confusion. Or you could do it with a landing page that contains a load of information and some choices. The choices for users could be:

  • Give me a load of cookies, now and in future visits, and let me get where I wanted to go in the first place – and please don’t interrupt me like this again.
  • Cookies sound evil. I’m going to use American sites instead, because they don’t scare me with this cookie nonsense.
  • I don’t want cookies from your advertising partners, but I’ll gladly pay for an ad-free version of your site. What’s that you say? I need cookies for that too? OK, but just a few please.

You need to ask each new visitor just once, of course – until the visitor deletes his ‘consent’ cookie. Like a blow to the head, that action will cause your site to forget that you’ve actually met before and you’ll welcome the visitor like a stranger.

I’m all for addressing privacy concerns as well as technical issues such as cookie hijacking. Yet this new law seems to be about restricting the functionality of a technology – can a law actually do that? – rather than addressing concerns like privacy or criminal behaviours and enable something of greater benefit to everyone using the internet.

Robertson’s post goes into some detail on specific implications in the UK and suggests how our government could “take a bullet for Digital Britain.”

I think Robertson’s view that this is breathtakingly stupid is about right. Indeed, the law is an ass.

Read the complete story: Consent will be required for cookies in Europe.

Photo by anomalous4, used under Creative Commons license. Post cross-posted at The Next Web Europe.

Neville Hobson

Social Strategist, Communicator, Writer, and Podcaster with a curiosity for tech and how people use it. Believer in an Internet for everyone. Early adopter (and leaver) and experimenter with social media. Occasional test pilot of shiny new objects. Avid tea drinker.

  1. Charles

    In practice the ‘strictly necessary’ clause will be invoked by most. Facebook uses cookies to keep you logged in – they can pretty have you implicitly consent to cookies by logging in. Any web app that you have to log in to will be fine. Online stores can get consent to cookies at signup/registration. The only real problem areas for website owners are the analytics / advertising cookies and technical solutions for this exist and will probably be used should the law ever be enforced.

Comments are closed.