Who gives a cookie?

Who gives a cookie?

Let’s face it the web can be a dangerous place. There are online scams. There are viruses. There’s phishing. There’s cookies, remember them? Crunchy on the outside and soft in the middle. While cookies are not likely to be exclusively implicated in any of the nasties above, because they can be used to personalise and improve the user experience they may also be used to gather information about you, by third parties, which maybe you didn’t realise.

And because most of us haven’t a clue how the web works, let alone change the settings in our browser, we all need to be much more aware. If you don’t know how to reinstate your home page, reset your default search provider or get rid of all those pesky toolbars that have insinuated themselves, then you need help.

You need Government to make a law to stop this from happening without you knowing.

So from May 2012 you’ll notice many websites – including our own – asking consent to depositing their cookies. The BBC is doing it and C4 is doing it. So how is it going to work? All websites that use cookies must have a mechanism to get your consent – a “click here to enter” kind of thing. Basically an extra click each time you access a new website.

Consent used to be implied, just like going into a shop you accept that the store’s CCTV will record your images.  Now you will have to say – “sure that’s fine for my data to be stored”.

The trouble is there is no real alternative (aka Hobson’s Choice). Don’t want cookies then do not use the website in question or turn cookies off or delete them afterwards.  Frankly no one is going to do that are they? It is like changing the privacy settings on your facebook account. (The BBC website does offer to selectively block certain cookies, but I’ll bet most people won’t bother)

So what data is being stored? Is that data anonymous? Is it accessible by third parties? Can I see it? What do companies actually do with it?  Perhaps we should find out what a cookie actually is.

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is usually a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity. [1] Cookies were designed to be a reliable mechanism for websites to remember the state of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in, or a record of which pages were visited by the user even months or years ago.

 

Most companies won’t do bad things with cookies; some may gather bits of information on how you use their website, perhaps to show better targeted adverts or just remember you; while others may be profiling you for targeting with more relevant offers, combining it with other info and from other sites you visit; others still may be doing it to track whether a commission should be paid to an affiliate advertiser (e.g. if you are a member of quidco); and others may be doing this somewhat surreptitiously to invade our privacy. Some feel that Facebook and Google are firmly in this department, but they could probably do this without cookies.

Because it is quite new and possibly hazy whether it actually affects you, I predict a bit of confusion. It will be interesting to see just how many companies large and small will comply fully, or whether a general exemption will materialise. It is almost unimaginable that the ICO, the Information Commissioner’s Office will have the resources to chase anyone but a handful of serial offenders.

Because OurLocality uses cookies for all sorts of things we will be offering a tool for all our website owners, but will leave it to owners to decide whether or not to use it. Owners don’t actually have control over which cookies are used for registration (e.g to add comments or contribute to a site, but this is all governed by our T&Cs). Site owners do  have a choice over which tools they use on their respective sites, e.g. Google Analytics and Social Media buttons. We will keep all of this under review and let you know through this website when our T&Cs change. If you want you can opt out of Google Analytics Cookies altogether here.

Unfortunately none of this will not stop real gangsters from stealing our identity or perpetrating real crimes with a victim and physical or financial harm. How many of us ever read the small print before signing up to a service? How many read the small print when taking out a new credit card or a mortgage? Did acres of small print ever prevent previously trusted institutions (Banks) miss-selling Personal Protection Insurance?

So while the idea behind the law is well-intentioned, the cookie itself is probably wrong thing to focus on. Take a look at Channel 4’s Cookie Policy and you’ll see what a minefield this is. Opt out is well nigh impossible, unless you spend a good proportion of your surf time to protecting privacy.  Consent implied or otherwise is not really going to encourage consumers to inform themselves. Too many extra clicks may irritate them though.

As life is too short consenting is much easier, as Alan Carr delightfully explains. This law won’t help us differentiate which services are good, nor make us read those impossibly long T&Cs, including our own, which btw just got longer.

1 Comment