You may or may not have heard about the new(ish) cookie law that has come in requiring web sites to get the user's permission before sending out a cookie that can be used to track a user across web sites. Although aimed at increasing online privacy, it is causing a problem for most people who have a web site, including me.
I have done an audit of my sites that use cookies and I actually use them very irregularly. In fact I am only serving them from my server for two forums running phpBB and several WordPress installations. As both of these are opt-in with a privacy policy mentioning cookies, I am quite happy that I am already complying with the legislation. I used the Business Link templates for these policies (they have vanished from their site but I can send a copy) if you want to do the same.
The problem I have is with third-party services serving cookies, most specifically AdSense and Google Analytics. The new legislation gives both Google (as the service who sends out the cookies) and me (as the user of their service) equal responsibility to get the user's agreement before serving the cookies. The problem is I have no control over what Google serve and they don’t appear to have a solution in the pipeline. As the Information Commissioner’s Office, the organisation charged with enforcing the legislation, have said they are taking a light touch approach to enforcement “where there is a low level of intrusiveness and risk of harm to individuals”, I will, like many, continue to take the wait-and-see approach and hope that Google comes up with a more defined solution in the near future.
So, in summary, I am already compliant with the exception of some Google services, and I am now hoping Google will supply a recommended solution for me and many millions more across Europe.
Update: Things are changing already, with new advice from the ICO saying that we can presume implied consent. As a result I can now just bring up a one-time message (perhaps just for European visitors, but I will need to check into that) letting the user know I am using Google Analytics cookies and taking their continued use of the site as implied consent. Clearly I am missing the deadline on implementing this but will have it coded and active soon.
There’s a good analysis of the implications of the EU’s cookie regulations here: http://zine.openrightsgroup.org/howto/2012/cake-or-death
I have come up with a solution for me and others as well at a hackathon last weekend. It is still in beta but if anyone is brave enough then check out http://cookiecommons.com/. I will blog about it when it is fully debugged.