Frustration is growing amongst cookie law compliance product providers that the “cookie consent” law does not seem to be being enforced. But maybe all cookie users are already complying. Or perhaps it’s the calm before the ICO storm. Stephen Groom investigates.
Topic: Online advertising
Who: ICO, Silktide
When: September 2012
Where: UK
Law stated as at: 11 September 2012
What happened:
Cookie law compliance software maker Silktide published a dedicated website delivering an "Ultimatum" to the UK personal data watchdog the Information Commissioner's Office ("ICO").
With tongue slightly in cheek, Silktide said:
"Dear ICO,
Sue us. We're sick of you and this ridiculous cookie law.
We've taken all our cookie solutions off all our websites. The evil cookies are back and the pointless slidey warning messages are no more.
The ultimatum continued:
Presumably we now fly in the face of the law you are sworn to uphold. Please, please do your worst. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters. Just do something."
Silktide would be the first to admit that they are not entirely altruistic in making this cheeky move.
They and many other businesses saw an opportunity when ICO announced full enforcement of cookie consent laws from 26 May 2012.
Convenient compliance solutions would surely fly off the digital shelves as website publishers, email marketers, app developers and any other users of cookies, clear gifs or other technology designed to "store or gain access to information stored" in laptops, tablets and mobile phones queued up to buy peace of mind.
Silktide was one of many who therefore developed a range of tools for web developers who wanted to make sure they were not breaking the law.
No rush for cookie compliance aids
So far, however, the rush has failed to materialise and Silktide now say their work on the cookie tools was a "tragic waste of time."
Why? Probably because of a number of factors, including ICO's last-minute concession that "implied consent" should suffice in many cases and the absence of any reported case where firm enforcement action had been taken by ICO, beyond the initial sending in May 2012 of 70 odd letters to apparently randomly selected UK website publishers asking for information about how they had taken action to ensure compliance.
The position of Silktide and other opportunists has also not been helped by the still shambolic picture in the rest of Europe, with little or no news of enforcement action coming from continental member states either.
There has also been worrying inconsistency in implementation of the revised directive. Holland, for example, apparently faces EC sanction for failure to implement the new cookie law, whilst Germany maintains the line that its existing laws are already effective in the fight for cookie transparency and consent, so no reform is needed.
Why this matters:
Of course it may be that there is a simple explanation for the lack of apparent enforcement of these now far from new cookie laws since the original EU deadline for implementation of the consent requirement was May 2011.
Maybe all UK websites are compliant.
However, a recent study suggests this is not quite the case.
A report by TRUSTe based on an analysis of 231 top UK websites indicates that no less than 37% of these sites had taken no steps whatever to comply with the law.
Minimal steps by 51% of sites surveyed
Only 12% had implemented prominent privacy notices with robust cookie controls, whilst 51% had opted for minimal privacy notices with limited cookie controls.
Overall, 56% of the sites examined in this study had moderate to high levels of third-party trackers, but within this group only 17% had implemented robust compliance solutions combining prominent privacy notices and strong cookie controls
In terms of examples, Toyota made it very simple for users to control cookie settings on their site, and provided individual descriptions of cookie purposes.
Similarly, Barclays’ website displayed a clear privacy notice directing users to a page explaining the purpose of each cookie while providing easily accessible cookie preference controls.
ICO action soon?
Perhaps a little stung by the Silktide blast, ICO has since announced that it is closing in on a number of sites who "failed to engage with us at all" with regard to cookie law compiance. If any of these sites miss a deadline for compliance set by ICO, formal enforcement action will apparently be taken.
ICO also says that Silktide's "Nocookielaw.com" will feature in a review of the new regulations due to be published in November 2012.
In the meantime, those who have taken appropriate action can (hopefully) relax in the knowledge that when it comes to cookies, ICO will not be knocking on their door.
The Silktide site is here: