“Do you want your internet to work? Yes/No”

 by Martin Belam, 10 May 2012

There was an interesting post on the eConsultancy blog from Graham Charlton yesterday about the forthcoming changes that mean websites are being obliged to obtain consent for the use of cookies.

The key take-out figures were that from a sample of 2,000 users surveyed by eDigitalResearch and IMRG, 75% had not heard of the new EU cookie directive. And once it was explained to them 89% thought it was a good idea, and only 23% plan to accept cookies

I’ve no idea what the explanation of the changes given in the survey was. The legislation is complex, and I’m fairly certain you could have spun a totally different result out of the survey by borrowing a leaf from the UKIP/Daily Express playbook and asking people “Do you want unelected technocrats in Brussels messing with your British internet?”

As I’ve written before, one of my biggest concerns with the new emphasis on gaining consent for placing cookies on a user’s computer is that it means mainstream sites and businesses will spend the time and effort to make systems that will interrupt the browsing experience, whereas those that are planning nefarious activities won’t bother. Ironically the legislation will make the user experience of sites that mean you and your data harm smoother and easier than the user experience of sites that are being responsible about cookies.

You’ll begin to see cookie warning messages appearing on a website near you soon, and today for the first time I encountered Civic’s “Cookie Control”, which promises a “universal solution for cookie law compliance”.

Cookie Control

At the Guardian we’ve been discretely testing some variations of showing a message about cookies to a small percentage of our audience to gauge their reaction.

Guardian Cookie Tests

To my great personal regret, one of my preferred wordings didn’t go forward to the testing stage: “Do you want your internet to work? Yes/No”


This is an issue that I have been frankly, sort of trying to ignore as the impact on my websites worries me a bit.

However, there is another potential minefield in this and that is how a website handles cookies across subdomains when used to deliver images/css files etc.

OK - a competent website will have designed their image serving subdomains to disable cookies, but the default setting is for a server to use them.

An awful lot of small websites who have the understanding of the benefits of delivering content using multiple simultaneous subdomains, but how to fiddle with the more complex settings in a webserver might find themselves in a technical breach of the regulations because they served a cookie with cd1.domain.tld as well as www.domain.tld

Why have you not illustrated this with a photo of a cookie? EU Directive 4234019a-1034.2 states that all articles discussing the new cookie laws must have a picture of a cookie.

Surely "By continuing to browse the site you are agreeing to our use of cookies" doesn't meet the requirements of the law because:

1. It's an implicit opt-in, rather than an explicit opt in
2. You can't set any cookies until the user has opted in (and not at all if they opt out). Using this method, you can't say that the user has opted in until they "continue to browse" the site - but one assumes you already set cookies when loading that first page, if you're setting any at all.

Stupid and unnecessary law which is intrusive to the extreme to comply with properly.

I see you're using an 'implied consent' approach, ie "We're using cookies and will assume that's fine unless you tell us otherwise".

Is that enough to comply with the law? I hope so - it'll mean less disruption for users - but I haven't been able to find out conclusively.

That 75% of the 2,000 people surveyed didn't initially know about the cookie directive is crazy. Is there any point in trying to educate the general web user to try and gain a high rate of cookie acceptance?

Keep up to date on my new blog