You're right of course, but as the only solution would be for:

(a) Us to remove said services (b) Our competitors to not (c) Us to suffer unjustly, while they prosper

Then no. The obligation should be on the provider of those services, or the law should be enforced equally. It's not enforced at all.

We clearly explain what those services do in our privacy policy and we include in that an explanation of why we see there being no meaningful privacy implication for users. What's the worst Facebook/Google could do with your information - know you looked at our website? It's hardly porn.

> You're right of course, but as the only solution would be for:

> (a) Us to remove said services (b) Our competitors to not (c) Us to suffer unjustly, while they prosper

That everyone else is doing wrong is not an excuse to do wrong as well. Suffer with dignity, or be treated as one of the "bad guys".

I believe what they're saying to the ICO is that either the law should be enforced on them and their competitors equally; or it should be discarded.

What they're saying is that non-EU companies don't have to obey this law, so they don't want to either.

The fact that non-European companies can abuse their users privacy in this manner, is not a good enough reason to allow European companies to do the same. If this is the way we wanted things to be, we'd get rid of the minimum wage so we could compete with Chinese labour costs better.

It's a trade-off. We gain privacy, and some companies potentially lose some business.

I agree, but that's not what I'm saying!

The law is not enforced in the UK at all. Accordingly those who do comply are being penalised unjustly.

The ICO (body responsible for enforcing) have themselves said they probably won't prosecute people for using analytics, because even though that's against the law it's not really all that bad. That's just one example of how vague the law has become.

So we're left in a mess where no-one knows what to do, and those doing the least possible profit. Hence our stance.

Hope that makes sense!

So the solution sounds like stricter enforcement then.

Honest question -- why do we assume our actions deserve privacy on the internet, when we access someone else's site? We don't have the same expectation for e.g., when I walk into a shop (eg I may desire, but do not receive, privacy from being tracked if I were to walk into a sex toy shop).

Is it because of the third-party component?

When you visit a website, that website gets a lot more information about you than when you walk into a shop. All I want is that websites are limited to the same information as a simple shop. I published the following blog post last year which covers my thoughts on it: https://grepular.com/2011_EU_Cookie_Legislation_Opinion_of_a...

Shops don't know the last shop you visited, but websites do know the last website you visited (referrers). Shops don't assign you a unique ID the moment you walk through the door which they use to identify you on subsequent visits, websites do (cookies).

I see what you're saying. But excepting the cross-site tracking, aren't all of those privacy leaks just data that my browser is sending? Seems to me that's more my responsibility than the site owners. (FTR, I do use a bunch of the privacy controls and find trackers like the FB bug a bit creepy.)