On the 26th May the EU Cookie directive becomes law, where you have to get explicit consent from users to use cookies on their computer. Now I have built and look after a number of sites this is going to apply to. Have any other web developers on here had any thoughts on this, as any advice would be greatly appreciated?
http://www.telegraph.co.uk/technology/internet/9223930/EU-cookie-law-will-cost-businesses-10billion.html
The consensus also seems to be that you are going to need to LIST and CATEGORIZE ALL of the cookies that the site uses on your 'Privacy Policy' or 'T&C' page, which for sites with many advertising sources is going to be a major job.
http://www.telegraph.co.uk/technology/internet/9181672/Cookie-consent-guidelines-launched.html
The easier question:
Do you put a consent button at the top of the screen and don't enable cookies until they have consented? Do they only need to give their consent once (and then save this in a cookie) or each time they visit the website?
Now it gets more difficult:
3rd party cookies like Google Analytics, which can use up to 5 cookies: easy enough, don't enable until the user has consented, but the client then has inaccurate site statistics and can't calculate ROI for Google Adword sales where some customers don't give their consent!
I have a server side tracking system, which I built for a travel agent many years ago which uses landing pages index.php, index2.php etc, to track different campaigns with a server side tracking system, which will get round this problem, where it tracks and stores the source right through the selling process, but some of my customers will bitch that they will now have to use more than one system, i.e. Google Adwords stats and my stats to calculate ROI. Anybody got any other suggestions?
Now it gets worse:
Some websites including some of my own, make their money through 3rd party advertising. The easy solution would be not to display the adverts until you get consent, but I suspect that will kill the sites paying for themselves, don't consent, 'no annoying' adverts, so no income. So it is going to be a case of working with each supplier, so cookies are turned off, but the advert still displays until you give consent. Again what mechanisms will be in place by the 26th May for this?
Now it gets even more difficult:
3rd party suppliers who use iframes. Where browser security means that you have no control over the content of 3rd party iframes, this will mean multiple consents. The only workaround for this I can see is to reload the iframe with a url consent variable. I can do this using JavaScript and location.href="3rdparty.com?consent=1"; But how many 3rd party suppliers will have implemented such systems by 26th May?
Into the unknown:
Now this applies to all EU based computers, so if your website is outside the EU and is accessed by EU citizens it applies. Now I'm working on an international website at the moment and using IP data to set the country, so I know from a location whether a computer is in an EU country or not and whether I need a comply button. But what happens if an EU citizen is using their computer outside of the EU on business or holiday, would I technically need to have the comply "Confirm" button?
The small site / not-technical nightmare:
Many small web sites and blogs are built using 3rd party software development environments. How are they going to cope with knowing what cookies the system uses? If you have an ecommerce option, this will almost certainly add more cookies and the consensus is that your 'Privacy Policy' should list ALL of the cookies used on a website and what they do. Now I can do this, but it is going to be a pain in the butt, but what about these sort of non-technical users? Many of these will be using freeware / shareware unsupported systems, or US developers primarily for the US market, with an "I don't give a toss about EU directives" level of support.
No consent given:
How is this going to impact Ecommerce sites and software, where they don't work without cookies enabled?
This is going to impact MOST people that manage or run websites, many people that run information sites, and pay for the hosting / running costs or supplement their income through some small websites right up to multi-national companies are all going to be hit, with most likely, across the board, lower online sales. The fines for non-compliance are up to £500,000. I've no doubt that trading standards will be gearing up for this as a new Government deficit-busting tax stream, while in the rest of the EU when it comes to compliance, their officials will just give a Gaelic shrug.
This is going to cost all EUSSR companies and economies a lot of money, just what we all need in a US / Europe economic depression, made ten times worse in Europe with the Eurozone madness.
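The consent button, the "ask once and remember it in a cookie" idea and the iframe reload with a consent URL variable raised in the post above, sketched as an added example that is not part of the original post. The cookie name, the resource list shape and the example URLs are assumptions; the post only names the `consent=1` parameter.

```javascript
// Added example. CONSENT_COOKIE, the resource list shape and the example
// URLs are assumptions; the consent=1 parameter is the one the post proposes.
const CONSENT_COOKIE = "cookie_consent";

// Read the stored choice from a document.cookie-style string.
// Only the exact value "1" counts; a missing or odd value means no consent.
function hasConsent(cookieString) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim() === CONSENT_COOKIE) {
      return part.slice(eq + 1).trim() === "1";
    }
  }
  return false;
}

// Value to assign to document.cookie when the button is clicked, so the
// visitor is asked once rather than on every visit (assumes an HTTPS site).
function consentCookie(days) {
  const maxAge = days * 24 * 60 * 60;
  return `${CONSENT_COOKIE}=1; Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
}

// Append consent=1 to an iframe URL without damaging its query or fragment.
function withConsentParam(src) {
  const url = new URL(src);
  if (url.protocol !== "https:") throw new Error("iframe source must be HTTPS");
  url.searchParams.set("consent", "1");
  return url.toString();
}

// resources: [{ kind: "script" | "iframe", src, setsCookies }]
// Cookie-setting scripts are held back until consent. Iframes always load,
// but only carry consent=1 once consent is stored.
function resourcesToLoad(resources, cookieString) {
  const ok = hasConsent(cookieString);
  return resources
    .filter((r) => ok || r.kind === "iframe" || !r.setsCookies)
    .map((r) => (ok && r.kind === "iframe" ? withConsentParam(r.src) : r.src));
}
```

The parameter only helps if the supplier honours it; the embedding page cannot inspect what a cross-origin iframe stores.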