The great EU cookie wangdoodle

 by Martin Belam, 1 June 2012
“I’m gonna walk between Farringdon & Shoreditch today waving a big paper prototype pop-up in people’s faces shouting ‘DO YOU ACCEPT COOKIES?’” - @currybet

I’d rather hoped to avoid blogging about what I’ve been calling on Twitter “the great EU cookie wangdoodle™” but it turns out that I couldn’t resist. But I’ll start with the obvious disclaimer that I am not a lawyer, this is a personal blog, and the views expressed don’t reflect those of the Guardian or any other previous or future employees or clients etc etc.

What has prompted me to blog about cookies in the end is not that I think the legislation is well-intentioned but flawed. Which I do.

Or that the ICO hasn’t been actually all that clear about what it expected in the UK. Which it hasn’t.

No, what has prompted me to blog is frustration at the misinformation I’m seeing fly around blogs and Twitter. Blog posts like “Why your site is now illegal in Europe” and “Dear ICO: This is why web developers hate you

Oliver Emberton suggested there was some secret collusion between the ICO and the “big boys” which meant some companies got prior access to a last minute watered-down version of the guidelines. I can’t account for every conversation between the Guardian and the ICO, but we had our designs tested and locked down ages ago. In fact I published the variations of cookie notification messages that the Guardian was testing on here for all to see on May 10th. It always seemed to me to be possible to read the ICO’s guidelines and decide that implied consent was reasonable enough, and so that was what I designed.

EU hypocrisy?

Elsewhere on the EU cookie directive theme, I noted this blog post, where Stewart Room goes round hunting European institution websites looking for evidence that they have done anything to comply with the directive they are involved in bringing to the rest of Europe. He doesn’t find much.

Show me the numbers

What would be really handy would be for a big website that has asked for explicit consent to come out and let us know the numbers. In advance of the ruling coming into force, a survey by eDigitalResearch and IMRG found that 75% of users had not heard of the new EU cookie directive, and once it was explained to them, only 23% planned to accept cookies. Post cookiepocalypse blog posts like Dejan Levi’s for EtonDigital blithely assert that “Most people obviously chose the simpler option - continue accepting cookies - and continued their browsing after only the slightest of delay.” I’d like to know which it is. reported that by Tuesday the ICO had received 84 complaints about cookies being set. The ICO have built a survey where you can complain about suspicious cookie activity, although with a heavy dose of irony, the survey doesn’t clarify whether it uses cookies itself.

Mobile first. Or indeed at all.

I’m not going to name and shame - but if you’ve come up with a clever cookie permission dialogue “thing” that hovers around your site with lots of small links crammed into a tiny space, do yourself a favour and check how it works on a mobile phone. Because some of what I’ve seen ain’t pretty.

And then there’s the video...

The team behind are not impressed with you, Mr. EU lawmaker.

Have a re-think

I’ve always worried there would be a tendency to over-engineer “solutions”. Like the Trading Standards Officers patrolling the country viciously striking out at grannies who happen to knit an Olympic logo, I fear that we are plagued by people looking to wring the maximum interpretation out of the EU directive. As an industry we’ve collectively bemoaned the amount of money this directive is going to cost us, whilst simultaneously we’ve got people charging clients hefty sums for a cookie audit and the design and delivery of complex interactions guaranteed to frustrate the average user. In my previous blog post I said:

“One of my biggest concerns with the new emphasis on gaining consent for placing cookies on a user’s computer is that it means mainstream sites and businesses will spend the time and effort to make systems that will interrupt the browsing experience, whereas those that are planning nefarious activities won’t bother. Ironically the legislation will make the user experience of sites that mean you and your data harm smoother and easier than the user experience of sites that are being responsible about cookies.”

I don’t want every British website I visit to lumber me with the cognitive load of choosing some complex cookie options. On the four different devices I access the internet on every day. For ever. And ever. And ever.

And deep down, neither do you. So, if you’ve implemented a complex thing, don’t be afraid to look around at some of the minimalist interpretations of what needs to be done, go back to your lawyers, and re-think it.

Keep up to date on my new blog