ICO gave me a cookie without asking!

I have made a previous entry registering my disgust at the ignorant, uninformed implementation that the EU is imposing on the use of cookies. Rather than re-covering old ground, let me sum it up for you in two words: utter crap.

“We’re supposed to warn people before giving them cookies?!”, I thought, “How the heck would that work? I’m going to scare away all of my customers.” I waited anxiously for someone to actually implement such a feature to give me a better idea of what is expected.

I was therefore very interested when I heard that the ICO website actually has one of these warnings on it! Fantastic, this’ll be implementation straight from the horses mouth! So let’s head over and see what they’ve done…

You can play along at home by visiting their site at http://www.ico.gov.uk/, which presently looks like this;

Yes! We have wording! Let’s see what we have here…

The ICO would like to use cookies to store information on your computer, to improve our website. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, see our privacy notice.

Followed by a check box asking me if I agree.

What’s this!? “one of the cookies we use is essential and has already been set”!? I headed straight to the browser settings to see what it was. After clearing all cookies and refreshing the page, I discover it’s the cookie that holds your session ID, deposited on my PC without me giving my permission.

So we are allowed to deposit essential cookies? What the heck counts as essential?! Ironically, under asp.net (which they’re using) the session cookie is actually quite easy to get rid of by using the URL to achieve a cookieless-session. This means that the one “essential” cookie they give you is actually the easiest to avoid using! Admittadly you do sacrifice oodles of security using your querystring as a session tracker, as well as a lot of usability, so we’re back to the question of what “essential” actually means. You could argue that analytics tools are essential to the running of any succesful e-commerce business, for example.

Let me save you the time: The guidelines DO NOT MENTION this clause currently, and as such the ICO presently does not comply with it’s own standards!

I am seriously considering drafting a letter of complaint!

By the way those guidelines, whilst not really worth the paper they’re written on, are worth a look if you want a giggle. I can almost hear the twisted lament of web designers all across Europe at some of the design recommendations contained within;

One possible solution might be to place some text in the footer or header of the web page which is highlighted or which turns into a scrolling piece of text when you want to set a cookie on the user’s device.

Yeah, marquees are back baby!!!!1!!!

^^ that would be scrolling if this wasn’t wordpress 😦 anyway, please share if you care x

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s