What is this EU cookie law you keep hearing about?

Ew, days back, I found out that if you own a website, you must inform the visitors about your policy regarding the use of cookies. So from now own when you first visit my site, you will be prompted to either learn more about how I use cookies or agree with it and close the message.

This article is not legal advice, just what I learned during my research on the matter:

Cookie law explained

For some time now, you probably keep seeing those cookie-law compliance banners around. That is because a few months ago, a new law was introduced in the EU, stating that all websites dropping non-essential cookies on visitors’ devices have to declare it publicly and ensure visitors’ knowledge and consent.

This law was designed to protect our online privacy by making people aware of how information about them is collected and used online and giving them a choice to allow it. It initially started as an EU Directive adopted by the countries of the union in May 2011. The Directive was supposed to give individuals the right to refuse the use of cookies that compromise their online privacy.

But this part didn’t work out well I suppose.

The reason is simple. If you do not consent to a website’s use of cookies, there are very few things you can do (including setting your browser not to accept any cookies at all). This raises questions about the legislators’ intent to set some boundaries for the monetization of our browsing habits. Furthermore, defining which cookies are essential and which not is somewhat of a grey zone, and in my opinion -and many tech-savvy people’s- it cannot be properly defined.

Cookies explained

Quoting wikipedia:

“An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie, the latter which is not to be confused with the literal definition), is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago)”.

Sounds essential, right?

Then, what about this part:

“Although cookies cannot carry viruses, and cannot install malware on the host computer,[2] tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals’ browsing histories—a potential privacy concern that prompted European[3] and U.S. lawmakers to take action in 2011.[4][5] Cookies can also store passwords and form content a user has previously entered, such as a credit card number or an address”.

The real question here is what happens when, for example, tracking cookies could mean a better user experience for you or help an author learn more about his or her audience? It’s a really controversial topic. In my opinion, this dispute can only be resolved by introducing end enforcing, community best practices – guidelines, regarding the use of cookies, as happened many times in the past and during the very first days of the internet.

How to protect your privacy

First of all, take a look at your browser settings and review your cookie preferences. Keep in mind that if you forbid the use of all cookies from the websites that you visit, you will need to say goodbye to Facebook, Amazon, eBay, Twitter, and generally any web-based service that uses sessions.

Secondly, educate yourself. It’s your right to have an opinion, but honestly, everyone does. Take the next step: Have an informed opinion. As an introduction to the issues at stake, arguments, and….controversy, a good place to start is the EFF – Electronic Frontier Foundation.

Maybe you are already familiar with a few of their projects, like the privacy badger, but these people are actively fighting for privacy rights from the first days of the internet.

Fact is, we trade privacy for convenience

The truth is that many of us are just okay with it. We trade our privacy for convenience or money. Someone could even argue that as the internet constantly evolves into being a public dialog, it is thus the very definition of public space.

Furthermore, although our online habits’ monetization receives a lot of criticism, mostly because it takes place without our consent, many of us can’t imagine the internet without our cool and free Gmail, free Facebook, free Twitter, and generally speaking, all these great free services on the web. The truth is that somehow you need to pay for these services.

How do I add a cookie disclaimer on my website?

When I was looking on the internet, trying to figure out what this whole thing is about, I found out that Google has created a website to help publishers with cookie consent.

Furthermore, if you do a google search, you will see even more projects related to it, most of them jquery based. They come with their own documentation and are easy to install.

If you find it difficult to implement the code on your own website, please send me a message on Twitter, and I’ll be happy to assist you!