Do you remember how a year ago we were discussing the new EU cookie law (also known as directive 2009/136/EC)? And how having realised that although the direction was now integrated into UK law, it was pretty impractical to implement?
Well then you may also remember that the Information Commissioner’s Office gave businesses a year to get their sites in order, before they started issuing fines.
That year runs out this month!
Just to re-cap: you need permission from your visitors to store a cookie on their computer unless it is absolutely necessary for the site to work. So you might need to store a cookie to operate a shopping basket when someone buys something, but you don’t have to store a cookie to remember the name of your visitor just to make things more convenient for them. You must ask first.
And tracking cookies are a big problem!
Yet although businesses in the UK have had all that time to sort out the problem, I sometimes get the impression that very little has been done and it is going to be a mad dash to get everything fixed on time. Maybe I’m wrong and everyone has a solution that they are going to activate on 26th May?
Even though I am not based in the UK, the law is EU-wide and will eventually be active in all of the member states, so it will come to Germany one day and I have been looking ways to make my sites compliant as well.
Unfortunately, WordPress has not been very active on this. Considering the number of sites that will be affected in the EU, it would have been nice to have seen something added to the core code to deal with it. However the feature request is still “under consideration” and the associated forum thread has since been closed.
Not that the thread was that much use with answers to the problem like “shouldn’t affect most bloggers”, “host your site in Canada or some less stroppy nation” and “talk to a lawyer”.
WordPress may be free, but as one user put it “if WordPress doesn’t address this issue adequately, it will no longer meet the needs of European web publishers.”
So we are on our own and have to look for a different solution to the problem, if we are not all going to change platforms.
One way that I came up with was to set up a landing page that all new visitors get sent to. On that page I would ask for permission to save cookies from the site.
It’s a bit of a drastic measure and would no doubt send my bounce race rocketing.
Since then I have also seen a couple of plug-ins that help solve the problem. Both work on the same principle as the ICO website in that they nag the user with a message about cookies, until the user eventually gives up and accepts them or goes away again.
Cookie Control adds a colour triangle to one corner of the screen and EU Cookie directive adds a header bar.
Both allow a certain amount of configuration as to which message is displayed and the link to a privacy policy.
But although “Cookie Control” has a nicer design and is more discretely placed, it does not appear to actually block the cookies – only warn about them. So in my opinion it is not entirely in keeping with the way the ICO says things should work. However it does have a nice feature that allows you to select the countries that see the message to avoid confusing visitors from outside the EU.
The “EU Cookie directive” plug-in, on the other hand, actively blocks cookies until consent has been given, with the default WordPress and Google Analytics already set up when you install it. After that you may need to add some cookies to the configuration by hand, so it’s probably a good idea to audit the site before and after you activate the plug-in, although a section gets added to the WordPress Dashboard showing any cookies that get detected that have not been declared yet.
As you probably noticed when you arrived at the site today, I have activated the latter plug-in on this site to gauge your opinion.
What do you think? Is this the right solution for EU web sites? Or do you have a different solution? Leave a comment and let me know!
About Graham
Part of the conundrum for me is that my site is hosted in America but the content is created in the UK. Do I fall under the EU Cookie Directive. I haven’t a clue and I doubt if the MEPs that voted this through gave much thought to it either. To “hedge my bets” I have installed Cookie Control which alerts readers to the new cookie laws and includes a link to a hastily thrown together privacy policy.
This, as well as criticising the MEPs, offers alternative ways of controlling and managing cookies such as Do Not Track. The developer of this plugin is moving fast with enhancements including the ability to allow non EU visitors to bypass the cookie stuff completely.
The ICO guidelines (page 11) state: “An organisation based in the UK is likely to be subject to the requirements of the Regulations even if their website is technically hosted overseas.” so I would guess that you do fall under the it.