It seems that we are returning to the bad old days of constant pop ups online, due to a rather heavy handed law which came into effect recently in the UK. The new law is contained in the memorably titled, Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. Wading through them is a bit of a chore, so the Information Commissioner’s Office has produced a handy video with the frequently asked questions answered. It is mind numbingly boring:
At the heart of the decision by the EU overlords is a widespread concern that predatory corporations are tracking our every move, cleverly calculating how much toilet paper we use to scrape the shit off our arses and generally invading our privacy in ever more insiduous ways.
Forcing web users to click away consent is largely meaningless. How many times did you read the terms and conditions on some software you bought? (I’ll save my rant about not buying proprietary software and going open source until another day). For most people, the answer to that question is, “never“. We just want to get to where we wanted to go. The days of an individual consumer agreeing contract terms with an individual supplier are so distant that they might properly be described as ancient legal history. Thus we have brought in various pieces of consumer protection law. This new cookie law is a particularly vapid form of protection for web consumers. Practically, it does nothing to protect them, little to educate them and much to annoy them.
One solution would be persuade the major browser manufacturers to change their default settings so that all cookies are deleted on exit. Then the user can change their settings according to their personal taste. For example, they may find it convenient to remember password data for some sites. The problem with this approach is that there are vast numbers of people and organisations using old browsers which they persistently refuse to update.
When you walk into a pub and buy a pint of ale (something I will never do again), you don’t have to sign a form to say that you understand that there might be some alcohol in the glass. Similarly, with the internet, when you surf you should know that you are being watched by a thousand Big Brothers but you have choices about what data you allow them to collect. When you buy the pint, that’s when you give your consent. When you visit Friday Ad to pursue your evil habit of buying pets on the open market, you should realise that your animal fetish is being watched very carefully via various pieces of tracking software, including AddThis, AdJug, AdMeld, AppNexus, DoubleClick, Evidon Notice, Facebook Connect, Facebook Social Plugins, Google +1, Google Adsense, Google Analytics, Media Innovation Group, Open X, ScoreCard Research Beacon, Turn, Twitter Button.
The real solution lies in education. People need to understand how the web works. They don’t need to be able to code it but they must understand the basics. I have set my browser options so that it automatically gives or refuses consent to cookies according to my personal preferences. Everyone can do that. This new regulatory approach forces me and my visitors to make that choice again. That is stupid and grossly inefficient. Virtually no-one is going to change their behaviour because of this law. They are just going to click through, except they will become irritated along the way.
If the purpose of the law was simply to educate people about the data mining carried out on them, an educational campaign would have been more appropriate. If the purpose of the law was to enable people to change their behaviour according to taste, an educational campaign would have stood more chance of success. The rationale of this law escapes me completely. If it truly is so important for consumers to give consent to data miners, everyone should sign off a consent form every time they use a plastic card to buy goods at a supermarket, to allow the supermarket to record what you buy. Absurd.