So what are you doing about the cookie law?

I know Paul wrote his article that makes us all feel better about the cookie law and that it won't quite make all websites illegal (like stated in this article!), but this only addresses websites that use cookies for analytics, and ones for login cookies. 

But what about all the other websites that might use cookies - does anyone here have a good solution other than invasive javascript like at the top of this site: http://www.cookielaw.org/

Is this a problem for anyone here? Do you have a solution?

Darren

I think a lot of the problem is more that it has to be intrusive on a site that needs to use cookies to function properly. If its an application that requires authentication to use then it's simple enough to set a flag per user. But when it comes to a publicly available site that requires cookies then it has to be intrusive to gain their attention enough to get permission to use cookie (that lived in the house that Jack built).

The other alternative I can think of is along the lines of the fallback for flash not being supported. Where you use cookies have the actual content blanked out with a message to give permission for cookies to be used if permission has not been given yet.

Doug_S

I'm American; I am scoffing.

Darren

Shush you or do I start chanting SOPA...SOPA...

Doug_S

Go for it. We shot it down, PIPA as well.

Now if you'll excuse me, I have tittering to do.

DavidBall

I absolutely think we should shoot it down just like SOPA. My company built this site to protest the cookie law: http://nocookielaw.com 

If we get enough people to sign the petition we can prove to the politicians who don't seem to understand the internet that this law needs either some serious revision or scrapping altogether! 

Doug_S

We seem to be getting CISPA, now... Thankfully, Obama is saying he'll veto.

Leesy

Our company does a lot of work with local government in the UK so it's something we are being asked about quite a lot.  I've looked at the guidelines etc. and a lot of it is very "wooly".  From what I've seen there's very little clear guidance and because of this we are going with our interpretation of what we think we need to do.  In our case, it's normally a privacy policy linked to from every page that describes our cookies & what they are used for.  The cookies we store don't contain any sensitive data so I believe this will be fine.

It's a really stupidly put together law and it's either going to require either a test case to find out exactly what needs to be done, or it will be dropped/adjusted.

I would say you don't need an intrusive popup for the majority of sites.  After all, you don't see them on the BBC News or any other of the major UK based sites and those will be the ones under the spotlight first.

adriandhart

@Leesy You are pretty much on the money. We are of the same opinion. We use build our sites on Magento and Wordpress. They both use cookies in order to function once a user is logged in. We also use Google analytics and GetClicky for visitor analysis. All of these use cookies but, as you said, none store any data more sensitive than the browser used and which of the major OSs you use. Therefore we feel we should not have to create an intrusive user action to seek permission for this.

We haven't seen John Lewis or any of the major eCommerce players making any moves yet. It seems everyone is waiting for somebody to make the first move.

Darren

The law states that cookies essential to the running of the site are ok and generally do not need to be ok'd by the user
. With those it is fine to keep doing what you're doing and keep information available to those who don't wish to use them.

it seems they are worried about tracking cookies etc, but personally I'd argue for more strict implementation of the do not track header that browsers are beginning to implement. It's something that can solve the problem, uses existing technology, does not impact user experience and is easy to check if people have implemented.