I think the general attitude here is pretty bad and I'm disgusted with the replies. I hope the hell they do get sued.
The reason that the law exists is that people have abused the cookie functionality terribly to track people all over the Internet using every possible loophole that they can. Now the price is being paid through not very good legislation.
You wrote functionality that tracks people and now you're whinging when people are given their privacy back? Forget it - I have no sympathy.
Regarding legitimate use, you click accept and the problem goes away.
With respect to analytics, stop being cheap and lazy and do it from your logs.
I'm the founder of Silktide and they guy who wrote that page.
Whilst I appreciate the law exists for a good reason, that doesn't mean the law is good. In it's current form it simply doesn't help user privacy or website owners. I'm hardly alone in saying as much.
We ourselves wrote no "functionality that tracks people" - our site merely uses Google Analytics (anonymous measurement of visitors) and social plugins like Disqus, the Tweet and Like buttons. By the letter of the law those have to be concealed until a user has manually opted in to display them.
In practice everyone instead started showing slide-down banners which accomplish nothing for privacy but piss off users.
Anyone who uses analytics properly knows there's no equivalent log-based solution. Understanding the path users take through a site, how long they view pages for, whether they buy when they came from one advert versus another - these are common practice for good reason and they have ABSOLUTELY ZERO implication for user's privacy, as all this data is anonymous.
The relatively few websites which genuinely might be jeopardising user's privacy - Facebook, Google, Amazon etc - tend to be large, ubiquitous and mostly ad networks. The average 10 page company website is not technically sophisticated enough to subvert a user's privacy nor do they have the visitors to do so.
I agree the law is bad. I actually stated that the legislation is not very good. However, suing people is probably the best approach bar forcing Firefox, Chrome and IE to ship Ghostery (then what are you going to do?) I mean you're obviously annoyed, aware and scared of the consequences.
However, the fact that you plug oddles of stuff into your web site that intentionally tracks people and hide under the banner of "we merely use" is the sort of attitude we don't want and the sort that should get you sued.
Ignorance and laziness is not an excuse.
I don't want to be tracked by Google Analytics and for my usage to be profiled and tracked across different sites (this almost certainly does happen as GA is capable of reading enough info from the browser to identify a user or at least build a persistent profile). Google do not have to operate under EU privacy laws as they aren't EU based.
Disqus, Twitter, Facebook all track users through these buttons just by them simply being there. None of these have to operate under EU privacy laws as they aren't EU based.
Your buttons and analytics MUST be disabled until someone agrees because you operate under EU privacy laws. That's your problem.
Either put the banner up or get rid of all the junk that you've plugged into your web site.
Regarding analytics, it sounds like analytics has grown to encompass too much of your business model. Have you thought that perhaps you are possibly not entited to the information that you gather?
As for advertising - if your revenue is derived from that, good luck. You're going to die miserably. Find a better model. Build something you can sell rather than something you can scatter with crap to pay your bills.
Sorry don't I don't buy your argument. It seems naive and arrogant.
Suing websites is going to force browser makers to do something? Perhaps that chain of reasoning can be expanded upon...
Fighting urge to flame the revolutionary baiting in this post, such as use of we don't want in paragraph 2, and possibly not entitled in paragraph 8. I usually don't like deconstructing posts, but the tone rubbed me the wrong way for an intellectual discussion.
All that laws designed to limit technology do is limit technology.
Not really. It's more that browser vendors are worried that it'll shoot their market share so they won't turn this on by default. If users get used to it, that is likely to be less of an issue.
You know, I'm the type of person that operates as you would like most people to (i.e. NoScript, Adblock, RequestPolicy, BetterPrivacy, etc.), and by reading your comments you've made me realize how I've been kind of a jerk for installing these things on friends' machines. They get annoyed and call me asking what I did to their machines (and how to "fix" it).
Obviously, I should've explained the use of and showed them how to use these add-ons, but such things are difficult to do in a casual/ social context. Many of the concepts are foreign, and there is a whole set of jargon that requires explanation in the first place. These are non-technical, yet educated, people in their 30s for whom most of this seems academic. So, I've just installed, and hoped they'd figure it out. I wish it were easy, but it's not; now, I'm certain I will no longer do this because I don't want them to "get used to it" for any reason other than that is what they choose to do.
That's a great approach and I admire your honesty. I think users should always have a choice. At the moment, there is a big assumption made which is the problem.
"Either put the banner up or get rid of all the junk that you've plugged into your web site."
then we'd still be setting cookies, but we'd be telling users about it after we did so. This is exactly what most sites are doing right now, and it's clearly farcical.
When you start attacking anyone who depends on advertising on the Internet - by which I guess you mean Google, Facebook, Twitter and every commercial news site in existence - then I start to lose you. Those services cost billions, and somebody has to pay for it.
Google and commercial news is fine - advertising is a big chunk but Google have other products and commercial news still sells paper and has television slots. Legislation will not kill them.
Neither Facebook or Twitter have a sustainable model and will fall in time. They don't actually do much of value really apart from enslave people into walled gardens full of noise and bombard them with advertising.
If you put all your eggs in the advertising basket, get pumped on VC cash and act like a dick, yes you will lose billions.
I quote: You have no right to make money shoveling magic unicorn shit.
Those of us who have a real product and earn from that, it's not a problem. We'll be here in 10 years. We were 10 years ago (in fact we started in '92). Empires have risen and fallen in our time. We have never advertised at all.
I appreciate you don't like ads; I'm not a big fan either (not that this is what the law is about). But consider the implications of it not becoming viable.
And for the record my company doesn't advertise anything. We just want to be able to use non-invasive features of the Internet like every other country.
You refer to Facebook, Google, Amazon as the real culprits, and not yourself -- but right above that you admit to embedding those same services on your site.
Whether you wrote it or use it makes no difference, your users privacy is compromised when they visit your site.
You're right of course, but as the only solution would be for:
(a) Us to remove said services
(b) Our competitors to not
(c) Us to suffer unjustly, while they prosper
Then no. The obligation should be on the provider of those services, or the law should be enforced equally. It's not enforced at all.
We clearly explain what those services do in our privacy policy and we include in that an explanation of why we see there being no meaningful privacy implication for users. What's the worst Facebook/Google could do with your information - know you looked at our website? It's hardly porn.
The fact that non-European companies can abuse their users privacy in this manner, is not a good enough reason to allow European companies to do the same. If this is the way we wanted things to be, we'd get rid of the minimum wage so we could compete with Chinese labour costs better.
It's a trade-off. We gain privacy, and some companies potentially lose some business.
The law is not enforced in the UK at all. Accordingly those who do comply are being penalised unjustly.
The ICO (body responsible for enforcing) have themselves said they probably won't prosecute people for using analytics, because even though that's against the law it's not really all that bad. That's just one example of how vague the law has become.
So we're left in a mess where no-one knows what to do, and those doing the least possible profit. Hence our stance.
Honest question -- why do we assume our actions deserve privacy on the internet, when we access someone else's site? We don't have the same expectation for e.g., when I walk into a shop (eg I may desire, but do not receive, privacy from being tracked if I were to walk into a sex toy shop).
When you visit a website, that website gets a lot more information about you than when you walk into a shop. All I want is that websites are limited to the same information as a simple shop. I published the following blog post last year which covers my thoughts on it: https://grepular.com/2011_EU_Cookie_Legislation_Opinion_of_a...
Shops don't know the last shop you visited, but websites do know the last website you visited (referrers). Shops don't assign you a unique ID the moment you walk through the door which they use to identify you on subsequent visits, websites do (cookies).
I see what you're saying. But excepting the cross-site tracking, aren't all of those privacy leaks just data that my browser is sending? Seems to me that's more my responsibility than the site owners. (FTR, I do use a bunch of the privacy controls and find trackers like the FB bug a bit creepy.)
I have one suggestion for you: stop blaming everyone else.
The law itself is just fine. It's insufficient in itself, but so is the law making theft illegal.
If you use Google Analytics and third party social widgets, you're aiding and abetting, you're aiding and abetting companies that violate people's privacy rights on a massive scale. You choose to do so, so you should accept the consequences and the responsibility instead of pointing the finger to everyone else.
As an industry, we've had over a decade to fix this problem until the politicians finally took action. We, Silktide include, have not only done fuck all to solve the problem, we've participated in making is massively worse by putting Google Analytics and Facebook like-buttons on every site we put our hands on.
The politicians you're ridiculing are at least trying to fix the mess we created. We took a dump on privacy rights, and are now bitching about how bad politicians are in cleaning it up.
You really think they're going to listen to us as long as we keep acting like spoiled children with zero sense of responsibility?
> The relatively few websites which genuinely might be jeopardising user's privacy - Facebook, Google, Amazon etc - tend to be large, ubiquitous and mostly ad networks. The average 10 page company website is not technically sophisticated enough to subvert a user's privacy nor do they have the visitors to do so.
What this law should have required is a way to opt out of the tracking systems themselves. I should be able to opt out Adsense tracking wholesale if I want to (although, tbh, I think I might prefer targeted ads over generic random BS appearing in the sidebars of every site I visit).
Having to opt out on every different European site that embeds Adsense is thoroughly retarded, especially when you consider that many sites don't even give you an option to opt out -- they just tell you to leave if you don't consent to being tracked!
With respect, people like me who delete all tracking stuff routinely now have to put up with constant cookie notices.
The proper solution to this would have been for browsers to have a more prominent "delete cookies" button, for those who care.
The way it's done now is just dumb: the bad guys are still going to track cookies, and it's a massive time sink for every other website out there that wants to comply with the law.
Actually you're solving the wrong end of the problem.
There should be no step which is "delete all tracking stuff".
You should be asked when you hit a web page if they can add a cookie.
At the moment, this is done by the page by legislation, but the next step is to do this at the browser level. I'm quite happy as it's training users to do this nicely.
It took us about a day to sort it out on our corporate site and web applications. If you've got loads of social crap plugged in, don't whinge - think before you do something.
No. I know how this stuff works, and I still don't want to be asked this every time I visit a new site. I suspect most other users don't either -- and a majority of them probably don't even understand the question.
The new cookie law is annoying because it results in a barrage of sliding/popup tickbox crap during one's daily browsing.
What we need is browsers with sensible privacy defaults, and easily-understood alternative settings. Safari's standard no-third-party-cookies rule is nice in this regard.
> You should be asked when you hit a web page if they can add a cookie.
>
> At the moment, this is done by the page by legislation, but the next step is to do this at the browser level. I'm quite happy as it's training users to do this nicely.
Firefox used have an option to ask you whether you wanted to receive cookies sent by websites. Turning it on made your browsing experience quite unpleasant. And that was several years ago; I imagine it'd be worse today.
You wrote functionality that tracks people and now you're whinging when people are given their privacy back? Forget it - I have no sympathy.
This is the bit of your comment I take most issue with. I have done nothing of the sort - and neither have the majority of companies's sites - and yet everyone is being punished for what boils down to abuse by online advertisers.
How can abusers get away with this? By relocating elsewhere. So the problem's not solved in the slightest. Meanwhile, the good guys are the ones left dancing around.
I have done nothing of the sort either. Our corporate site and web applications have had to have some re-engineering done to not issue cookie straight away. That's the price of operating in the UK and I have no problem with that.
Just remember, the good guys stay good.
The bad guys are easy to pick off now at the browser or the IWF firewall.
Many people will not click/not allow if they see a warning message. In fact many people will be either confused and scared and leave.
I.e. its not theoretically a problem if you assume that most users are rational users who read what is in front of them and make reasonable choices.
De facto though that is not the case and that means that a lot of business who put it up will see a drop in revenue even if they normally play by the books.
Furtermore it really does not help anything since those with malicious intentions can just put it up and still do all sorts of shady business on the back.
People should be scared. There are companies that know nearly every website they visit, how often, and how they get there. People don't expect this to be the case, but it is.
You complain about bad UX but the solution is obvious: don't use the tracking services and you won't have bad UX.
I personally never understood the problem. I want adds that are better targeted, I want them to know more about me so they don't waste my time with crap I am not interested in.
You're in the lucky position of being informed, and being able to make that choice. 99% of people are not informed on this subject, so their data is being gathered without their knowledge, and without their permission.
I think most people ignore the warning and click through based on the amount of toolbars I have to remove from PCs.
The drop in revenue hasn't happened for us and we've been compliant for months now. I think, based on the quantity of sites this is occuring on, that it's a non issue. People are used to it now.
The malicious people can be identified easily. Think of these changes as covering your arse rather than an inconvenience.
Different websites have different audiences and monetization schemes making your anecdotal observation uninteresting. It's also at odds with reams of conversion rate optimization data. What did Amazon report - something like a 500ms delay produces a 1% drop in conversion rate. I wonder how long it takes the average pensioner to click through?
The reason that the law exists is that people have abused the cookie functionality terribly to track people all over the Internet using every possible loophole that they can. Now the price is being paid through not very good legislation.
You wrote functionality that tracks people and now you're whinging when people are given their privacy back? Forget it - I have no sympathy.
Regarding legitimate use, you click accept and the problem goes away.
With respect to analytics, stop being cheap and lazy and do it from your logs.