Clownshoes: adj. – seeming ridiculous, completely out of place or proportion; utterly impractical.
It was impossible to research the new cookie law without developing a thorough hatred of it.
My original idea was to write two articles, arguing in favour and against the law. But as the hours passed I simply couldn’t abuse enough substances to make me say anything kinder than “well, at least they meant well”.
So screw it. Let’s give ‘em both barrels.
1. The law criminalises everyone
The law was meant to protect the privacy of people using the Internet. To accomplish this, the EU made over 90% of websites illegal.
Let us imagine we wanted to ban bullying at school. Like the EU surveying the Internet, we might look at bullying from afar, conclude that most bullying is verbal, and decide the solution is to ban all children from speaking.
Now if we proposed such a ridiculous notion you might expect people would complain! Perhaps people closer to the problem of child bullying might say:
- But most child speech is harmless!
- You can’t ban child speech – it’s unenforceable!
- If you ban child speech, other countries will have an advantage!
- Entire industries depend on child speech! We’ll go out of business!
And so on.
Of course if you replace “child speech” with “cookies”, you’ll arrive at the situation we have today. Well meaning, but ultimately clueless bureaucrats have made the oldest of law making mistakes – they’ve made a law about something they don’t understand.
2. Most users actually like cookies
Users may not understand cookies, but they’ll understand if you start taking them away.
Imagine a new web browser that abides by the EU’s law, and requires users to opt into cookies with full consent. Such a browser would start by denying all cookies, and display a popup each time one was needed, allowing the user to opt in.
We would like to take the EU Council and force them to use such a browser for a month, if indeed the majority of them are qualified to operate a mouse.
Even if this browser existed in a perfect ecosystem of well behaved websites and clear privacy policies, it would take twice as long to accomplish anything. The simple fact is people don’t like being interrupted with questions they don’t care about when they’re trying to get something done. So they’ll just blindly click yes or no and resent your website slightly more.
3. The law is technically illiterate
The law doesn’t actually target cookies alone – it refers to ‘information stored in the terminal equipment of a user”. So anything stored on your computer, basically. They actually lump spyware and viruses into the same description as cookies (see recital 66 in the EU directive).
Like us banning child speech, they heard criticism from industry and decided to allow a narrow exception for cookies which are absolutely essential to accomplish exactly what the user requested. That’s like us saying we’ll allow child speech only if it is required for the child to stay alive.
Taken to its logical extreme, the law should prohibit query parameters – or even URLs – without consent, because these could be used to track the user (and given the new law, probably will be).
Cookies are going to be exceedingly hard to remove from existing technology, and the one year grace period is not close to enough. The technology doesn’t even exist yet, and by the time it does you’re not going to force the entire EU to upgrade their Content Management Systems, analytics, social plugins, discussion forums, conversion tracking and advertising mechanism in a year.
But any web designer could have told them that already.
4. The law is economically ignorant
The Internet is an incredible engine for economic and educational growth. Consider a world without Google – a company that makes over 97% of their revenues from targeted ads. The Internet economy we live in means that a child with a smartphone in Africa can use billions of dollars worth of search technology for free and Google can create jobs and make a profit.
Similarly, the undeniable impact of Facebook, YouTube or Twitter wouldn’t be half as pronounced if they weren’t allowed to pay for themselves via efficient advertising. That is literally their business model.
None of this is possible if we can’t track people. I’m not saying this shouldn’t be regulated, or that there aren’t concerns, but let’s not outlaw all music to prevent another Justin Bieber album.
The companies which are building the jobs of tomorrow are increasingly on the Internet. If Europe wants to build the next Facebook, Groupon or Google they can’t criminalise the very technology they’re built upon.
5. The law is clumsier than an elephant on greased rollerskates
If you read the law in detail, it’s clear it hasn’t been written by anyone who understands the Internet. I’d naively assumed when legislating something, you employ experts on that something.
The sheer volume of bumbling, apologetic half-explanations falling from the government mouthpieces is almost as comic as it is tragic:
“we are working with industry and other European data protection authorities to assist in addressing complexities and finding the right answers”
From the official UK regulator’s guidance, released on the day this became law, entitled “No, we don’t know what to do either” (Actually, it’s “Changes to the rules on using cookies and similar technologies for storing information”. I prefer my title).
A few alternatives
I will concede that there are genuine privacy concerns posed by the Internet, but the current law isn’t the solution. Here are my own thoughts:
- Educating users to understand cookies. Have the advertising industry pay for a brilliantly clear website explaining cookies, with instructions on how to opt out. Require them to show it to tens of millions of people.
- Requiring legible cookie policies. Set a template which is simple, clear and consistent, and require all companies to use it and point to it in a standard way, e.g. at a fixed URL.
- Define a viable internet standard. Websites which use certain cookies could be required to set a new meta tag or header explaining what those cookies do. Browsers would be happy to support this, and could provide useful controls to show concerned users information if they wanted it.
The new law means well but gives little consideration to the majority of normal website owners or consumers. Our best hope is that like so many other ridiculous laws, it gets ignored entirely.
Or you could always move to another country.