Just the other day I got an email from a young lady calling herself a “Cookie Compliance Consultant”, with the Information Commissioner’s Office (ICO).
She said she was “contacting websites that are not compliant with the new EU cookie law”. Then she went on to say, “Your website is currently illegal in the EU as it’s not asking users to accept cookies”, so I started to pay attention.
According to LinkedIn she was educated at the University of Oxford and has a Master of Business Administration (MBA) in Intellectual Property Law.
Why wouldn’t I believe her?
But eventually, she threw the ‘sucker punch’ ~ “I am willing to make your website compliant with the new laws for a nominal fee of £25”.
Just what kind of scam is going on here? If you can believe all this nonsense, not only is the ICO making the law which renders your website “illegal”, but for a small consideration, they will fix up your website and make you “legal” again?
Nah ~ I don’t think so.
Don’t be sucked in by this EU Cookie Law
Of course, I wrote back immediately and politely refused her very kind offer ~ ending with the words “…where the sun never shines” ~ metaphorically ~ but it got me thinking. So I started to do some investigation of my own.
I know not everyone is as sceptical as me, nor do they have years of Internet Marketing background ~ which I guess is at least partly responsible for much of the scepticism ~ but it did cross my mind that some folk are going to get taken for a ride here.
Now you might think £25 is not a lot of money, but for cash-strapped charities, social enterprises and ‘Green’ businesses, every Pound is a prisoner. And to stay “legal” for just £25, I could see how many might be tricked into parting with much-needed money, for what I imagined was something trivial, and probably not even necessary.
And as it turned out, I wasn’t wrong.
OK, so what is a cookie?
Cookies are small text files that are placed on your computer or mobile phone when you browse websites.
This website uses cookies, as almost all websites do, to help provide you with the best user experience. Some things on this website won’t work without cookies and there is simply no way to prevent them being set, other than to not use this website.
So now you know that, by using this website, you are implicitly agreeing to allow cookies to be placed on your device, and if you want to know more about how I use cookies, you need to do some reading. For all you ‘cookie monsters’ out there, my Privacy Policy goes into all the excruciatingly boring details.
But now let me tell you why, like a lot of well-intentioned but largely anti-business BS that comes out of Brussels ~ this “EU Cookie Law” idea is just plain cookie!
The EU cookie law is simply a bad law: it is a restraint on trade online at a time when UK business needs all the help it can get, it won’t make anyone more secure or less harassed by advertisers, and it is impossible for you to implement effectively.
Apart from that, it’s quite a good idea ~ by Brussels standards.
Another stupid law ~ thanks to Brussels
The UK Privacy and Electronic Communication Regulations Act (PECR) was enacted on May 26, 2011 and the UK commissioners allowed a further year’s grace for UK websites to become compliant, which expired on May 26, 2012.
The law requires all UK businesses ~ and e-commerce sites that do business in the UK ~ to notify users of cookies on the site and obtain consent from those users in order to continue to use cookies during the online session.
And PECR also applies to applications developed for mobile devices as well as traditional online websites.
The move to institute this UK-specific legislation was prompted by a similar EU “Cookie Law” directive which requires website administrators and e-commerce sites to monitor and maintain control over the types of cookies present on their sites, especially those that can be used to track the browsing activities of users.
I wonder how many of those nice folk in Brussels and at the ICO, for that matter, have actually set up from scratch and managed a busy website, personally? My guess is not one of them has ~ so it’s the blind leading the blind again.
And in the land of the blind, that makes me King.
Hey, don’t knock it ~ it’s good to be King ~ even if I only have one eye!
PECR could seriously damage your website’s health
On a website ~ your website, for example ~ you might sell some of its space for marketing, say, to Google AdWords, or some other online advertising provider. Now this space is auctioned off in real time to their client advertisers, and since you can’t control the cookies they use, it is damn near impossible to show your users immediately which cookies are going to be used on your website.
So here’s the first “gotcha”, if you believe all the hype, and you want to be strictly compliant with PECR ~ it’s a big No No. Now, thanks to Brussels, you can no longer earn money for effective, well targeted and lucrative advertising on your website.
And here’s another.
Do you know how many cookies each of the 40 or so different WordPress plugins I run on this site places in your browser cache?
No, neither do I. And if I did know today, I wouldn’t know tomorrow, because there’s no way to ensure the plugin authors will ever tell me what changes they make. Either before or after they make them. And this stupid law doesn’t even address that.
Then there’s the question of “adequate notice” and how it can wreck your business. No law should ever do that, but this one does. Pop-up windows to get consent are often a safe bet for compliance, but the evidence suggests website use drops off dramatically ~ including at the ICO’s own website!
It’s a catch-22 situation. The more interruptive and eye-catching the cookie law message, the more folk will click on the OK button, but people will bounce off your site in far greater numbers than ever sign up to accept cookies ~ why should they?
Getting consent through Terms & Conditions and Privacy Policy can also work, but only if people agree to them ~ again, why should they?
A more subtle approach is specific notices placed on the website indicating that cookies are used ~ which is what most have decided to do.
This is the least offensive option to people visiting your website and has a much better chance of visitors having a positive reaction and thus staying, buying, donating and becoming loyal supporters.
Threats of “legal action” and fines of up to £500,000
The FUD factor ~ Fear of the Unknown and Doubt ~ is almost always used as a scare tactic, and it’s no different this time.
As I did my research I saw no end of sites popping up everywhere and telling me ~
The effects of this law will be profound and far-reaching. In the UK, the Information Commissioner’s Office (ICO) has given UK businesses 1 year’s grace until May 26th 2012 to become compliant with this law or potentially face legal action.
and another ~
Failure to do so means you can be fined up to £500,000.
Now, I am no legal expert, and I cannot give you legal advice, but I am telling you right here, right now, this is all a load of bollocks, essentially put there to get you to pay them money.
The ICO has yet to investigate a single website over these new PECR rules, because its investigative team isn’t even ready to start work ~ more than a year after the new laws came into force.
And according to a recent Freedom of Information Request response, since May 26th 2011, 320 sites have been reported via the ICO’s online submission tool, but not a single site has ever been investigated.
Shows you how seriously they are taking it.
The ICO added that sites (reported via their online tool) “may not necessarily be investigated”, that they “are not being taken forward as individual complaints”, and that “the purpose of this feedback form is to help us to monitor and identify sectors where further advice or enforcement activity may be required”.
Sounds like a cop-out to me. Why am I not surprised?
They had also previously said, “the ICO is unlikely to fine sites for not complying, but will instead insist they start to follow the rules”.
So bang goes all those half million Pound fines. See, told you not to worry.
So where does that leave us?
One of the most balanced articles I have read on the subject is Wrapped in red tape: cookies law for charities. And the Voluntary Sector Network Blog is not normally known for sensationalising ~ unlike a few software developers, SEOs and web designers in the UK I’ve found lately.
Now the ICO initially said websites would need to get “explicit consent” before dropping cookies, but just a day before it was set to start enforcing the PECR rules they said “implicit consent” would be enough ~ meaning sites can simply tell users that cookies will be used.
Which is good news, because it’s much easier to put into practice and, done right, won’t lose you visitors.
Finally, a response from the lawyers ~ Kelly / Warner International Defamation Lawyers have commented, and their conclusion is as follows ~
PECR is likely to have a significant impact on websites that depend on advertising as a revenue stream. However, recent adjustments to the U.K. guidance on compliance appear to weaken the consumer protection aspects significantly. These changes may actually allow businesses to assert compliance without making any changes to their existing sites at all, allowing the status quo to continue despite both the E.U. Directive and the provisions of PECR legislation.
And that, my friends, is where we are right now ~ “implicit consent”.
So please, please don’t give anyone £25 just because they tell you they’re a “Cookie Compliance Consultant” ~ University of Oxford educated, or not! You don’t need to, and I bet you can find a much better use for it.
But if, once you’ve read this article, you still feel you really must install some kind of cookie warning or pop-up, click that big orange tab up there on the left, marked FEEDBACK, give me your information, and I will do it for you ~ absolutely free!
Free, as in no credit card, no sign-up and no catch!
So you can get back to doing what the world needs you to do, as soon as possible.
Maybe an international law, should we get the U.N. involved? What is the biggest chocolate chip cookie on record?
When I was little (I’m 36 now) I wasn’t allowed any sweets because I was hyper.
Yes ~ 26 inches ~ and why am I not surprised… 8^)
I start to feel sick. How can I stop eating them?
Why not try this… http://bit.ly/SbqBbo
If you’re running a CMS system like WordPress, Joomla, Drupal and several others you can use a plugin like Cookie Control in “implied consent” mode and it will, at first arrival on site, pop up and advise your visitor of their status regarding your cookies, then show in the bottom corner on each page of your site (like it does on mine) and allow them to change their setting and disallow cookies if, for whatever reason, they change their mind. You should also cover how you use cookies in your Privacy Policy for folks who want to see all the details.
I understand “implied consent” is a valid form of consent and can be used in the context of compliance with the revised rules on cookies, but if you are relying on implied consent, how can you be satisfied your users understand that their actions will result in cookies being set, because without this understanding you obviously do not have their informed consent?