Cyberclinic: Has the EU created a real-life cookie monster?

Click to follow
The Independent Tech

Cookies are an integral part of browsing the web. They don't make a fuss and they stay out of sight, quietly getting on with their job – a bit like gravity, or the bloke in charge of managing the National Grid.

They're placed there by websites in order to remember who we are, how we like the page to look, how we got there, and how we eventually left. Yes, they could conceivably be thought of as an evil force if you're the kind of person who finds advertising tailored to your specific online interests to be a hideous invasion of privacy, but most of the time they merely oil our passage through the internet. Without them, buying goods online would be a bit like confronting an amnesiac shop assistant who keeps asking you: "What was it you wanted again? Pardon? Good morning, sir!"

But the fact remains that cookies track behaviour – that's their job, after all – and they're placed on our machines by websites without our permission. Well, we passively give our permission, because most web browsers are set up automatically to accept cookies on our behalf. I just had a look, and I appear to have hundreds of the things. Eleven from eBay. Four from my own website (no idea what they do), two from The Reading Chronicle (which seem to be designed to sit there until the year 2013), and 25 from a website I've never even heard of. Looking down the list, it's tempting to delete the lot in a fit of paranoia. Or, alternatively, to go into the browser settings and request that you be notified each time a cookie heads your way. But that would set you up for an evening of being harangued by a computer shouting "Are you sure?" every 30 seconds or so, and no one wants that.

Except the European Commission, bless them. In legislation devised a couple of years ago that was presumably designed to curtail spyware, it was made clear that web services had to ask permission whenever they wanted to store files on our machines, along with "clear and comprehensive" information about why they were doing it. Cookies, naturally, fall within that definition. The deadline for European websites to obey this ruling is a fortnight today, 26 May, and it's causing not a little consternation. Opinions differ on how it will affect websites and their users, because the wording of the legislation is open to varying interpretations, and the guidance offered by our very own Information Commissioner's Office (ICO) is somewhat vague. (It was published along with a note explaining that said guidance is a "work in progress".) Some commentators say that the law is worded so that only websites carrying cookie-depositing advertisements (third-party cookies, as they're known) need to worry. Others say it affects every single European website, and that a worst-case scenario would see web users such as you and I having to click through endless pop-up windows granting permission to accept cookie after cookie. Many of us, of course, would decline them, because we understandably don't have much of a clue what cookies do.

The upshot of this? Our previously "seamless" browsing experience will be upset to some extent. Meanwhile, advertisers, used to a system whereby they can build up a picture of the kind of websites you like, may find that they no longer have such information to refer to. Which you might consider a minor triumph – but many free websites run on the cash that those adverts generate. The ICO is reportedly working with the teams behind Internet Explorer, Safari, Firefox, Chrome et al to try to come up with a browser-based solution to the problem that won't provoke a violent frenzy among the British public, but in the meantime, it's offering advice to owners of websites using third-party cookies that they should make sure they're doing "everything they can". So if, this summer, you find websites posing convoluted requests for your permission that they weren't asking before, blame the EC. And maybe take a moment to ponder that, on balance, it's probably correct that tracking should happen only with our consent. And then click "yes". If you want to.

Comments