“We’re supposed to warn people before giving them cookies?!”, I thought, “How the heck would that work? I’m going to scare away all of my customers.” I waited anxiously for someone to actually implement such a feature to give me a better idea of what is expected.
I was therefore very interested when I heard that the ICO website actually has one of these warnings on it! Fantastic, this’ll be implementation straight from the horses mouth! So let’s head over and see what they’ve done…
You can play along at home by visiting their site at http://www.ico.gov.uk/, which presently looks like this;
Yes! We have wording! Let’s see what we have here…
Followed by a check box asking me if I agree.
What’s this!? “one of the cookies we use is essential and has already been set”!? I headed straight to the browser settings to see what it was. After clearing all cookies and refreshing the page, I discover it’s the cookie that holds your session ID, deposited on my PC without me giving my permission.
So we are allowed to deposit essential cookies? What the heck counts as essential?! Ironically, under asp.net (which they’re using) the session cookie is actually quite easy to get rid of by using the URL to achieve a cookieless-session. This means that the one “essential” cookie they give you is actually the easiest to avoid using! Admittadly you do sacrifice oodles of security using your querystring as a session tracker, as well as a lot of usability, so we’re back to the question of what “essential” actually means. You could argue that analytics tools are essential to the running of any succesful e-commerce business, for example.
Let me save you the time: The guidelines DO NOT MENTION this clause currently, and as such the ICO presently does not comply with it’s own standards!
I am seriously considering drafting a letter of complaint!
By the way those guidelines, whilst not really worth the paper they’re written on, are worth a look if you want a giggle. I can almost hear the twisted lament of web designers all across Europe at some of the design recommendations contained within;
One possible solution might be to place some text in the footer or header of the web page which is highlighted or which turns into a scrolling piece of text when you want to set a cookie on the user’s device.
Yeah, marquees are back baby!!!!1!!!
^^ that would be scrolling if this wasn’t wordpress 😦 anyway, please share if you care x