The EU: One Ring to Rule Them All
There is a new EU regulation on setting “cookies” on users’ PC’s.
The regulation was supposed to stop websites tracking users behaviour, and targetting ads at them based on that.
However, the regulations say that you need to get users’ explicit consent to store any information on their PC, including cookies.
Cookies can be used to track behaviour and serve targetted ads. They are also used for the actual operation of certain types of website, e.g. to control your “shopping basket” on an internet shopping site. The latter have a specific exemption in the regulations.
However, cookies are also used in lots of other ways. For example, they may be used to store users’ preferences, such as which language the user wants to see.
So far, nobody has come up with any meaningful ideas about how to comply with the new regulations, except:
1. Stop using cookies entirely.
2. Serve a pop-up requesting user consent to store cookies.
The former would wreck the web as we know it today. The latter would mean a pop-up served with every new website you visit. What’s more, if you do NOT consent, you would get the pop-up with every single page you visit, since your preference not to have the information stored could not be stored! In other words, it would wreck the web as we know it today.
All this means the new regulation is completely unworkable. However, it came into effect today.
The Information Commissioner has been squirming and wriggling, trying to get out of the horrible bind this puts him in. He is in charge of enforcing the regulations. The new regulation even gives him the power to exact a “financial penalty” (i.e. a fine with no need for a court to be involved). He knows the new regulation is stupid and unenforceable, but of course he cannot say so.
His approach has been to announce a one year delay before compliance action will be taken, but to utter dark warnings about how companies must be “working towards” compliance. Here’s what he says:
Although there isn’t a formal transitional period in the Regulations, the government has said they don’t expect the ICO to enforce this new rule straight away. So we’re giving businesses and organisations up to one year to get their house in order. This does not let everyone off the hook. Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.
As the regulator, I’m conscious that my own website will be looked at for a model of how to comply. We’ve decided to place a header bar on our website giving users information about the cookies we use and choices about how to manage them. I am not saying that other websites should necessarily do the same. Every website is different and prescriptive and universal ‘to do’ lists would only hinder rather than help businesses to find a solution that works best for them and their customers. The initial advice that we issued earlier this month will continue to be supplemented with real-life examples as they come in.
“Real life examples as they come in”. Oh wow. He doesn’t know what he’s asking people to do, so he wants somebody else to think of something. The new rules are in force today. But they’re not in force. And if you don’t comply, there could be penalties. You don’t know what “comply” means? Neither do we. Somebody please tell us!
Professionals in the field have been attacking the Information Commissioner for this fiasco. He is the wrong target. They should be attacking the incompetent and unaccountable bureaucrats who thought up the regulations in the first place. And they are in Brussels, as usual.
Vague and capricious law-making is a hallmark of dictatorships and totalitarian states. It means that nobody can ever be sure whether they are in breach of the law. If it is done properly, it allows them to say that anyone they choose is guilty of something, at any time.
Vague and capricious law-making is also a hallmark of the EU. Go figure.