The EU Cookie Law compliance horror show

For a recent client project I conducted a review of several dozen web sites belonging to grassroots organisations affiliated to this particular client. These sites, which were all of very recent vintage, stood as sad testimony to the trouble that the Information Commissioner’s Office caused by moving the goalposts of the UK’s implementation of the EU Cookie Law three times in three years. I was confronted with intrusive, incorrect, and disruptive cookie law implementation strategies which didn’t even need to be there. At best, these strategies disrupted the user experience on the site; at worst, they prevented it completely.

(REMINDER: in the UK, you do not need cookie consent popups, dropdowns, windows, hovers, or flying saucers. You do not need to make your visitors tick a box consenting to cookies being stored. You do not need to redirect visitors who opt out to another site. If you have these on your web site, take them off and replace them with a simple cookie advisory in your footer, linked to your terms and conditions page.)

No one puts in a compliance strategy in advance of a law going into effect on the assumption that the law will change 180° on the day it is implemented. Yet that is exactly what happened with the EU cookie law in the UK. The people who implemented these strategies on these web sites will have done so with the best of intentions and full confidence that they had done things correctly. They may be in for a bit of a shock to learn that their time was wasted and their site visitors are seriously pissed off.

In the spirit of making tequila out of lemons, I am going to showcase some of these implementations as examples of how not to do cookie law implementation on web sites.

So here we have a very large cookie law banner which uses black text on a dark blue background. You might have to slouch down in your chair to see it. If you don’t know enough about CSS to change text from black to white, you should not be dabbling in web development. Aside from that, active opt-in – that tick box – is no longer necessary.

This nanny banner stalks you. It follows your mouse until you agree to tick a box which is supposedly in your own interest. It’s as scary as it is unnecessary.

This banner forces active opt-in while inviting you to have a leisurely read of the actual legal documents of the EU cookie law. All I wanted to do was find out what time the bike repair workshop was on.

The “smartass” banner lets the site owner boast about how much they know (which turns out to be completely wrong) and demands an active opt-in to gain access to the site.

And another one. “UK/EU Law state you require to accept to view our website.”

No, it doesn’t. Ticking the no box on both of these sites kicks you off the site and onto Google. What a tasteful way for charities to operate.

If this review sounds a bit caustic it is because some of the web sites using the implementations you see above belong to organisations which offer web design as a value-added service to their members and communities. They are teaching these strategies as best practice examples. I get frustrated when I spend hours working with charities and organisations to help them put their best feet forward online, only for them to turn around and treat their web sites like they are dads doing weekend DIY in the garage.

So, organisations and charities, we need to have a little tough love here. If you insist on keeping an incorrect legal implementation that makes your site impossible to visit and then redirect your service users who click “I don’t agree” to the Google home page, that’s fine. Just don’t complain when you lose your funding.

About the author
Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development. She has been designing and developing web sites since 1997 and has been a professional web site designer since 2007. She holds a postgraduate certification in internet law and policy from the University of Strathclyde.