Cookie Crumbs Everywhere!
Proving that cookies can indeed be quite messy, the way that the ‘Cookies Directive‘ is being implemented is pretty dreadful. The Directive was supposed to force Web-site owners to provide more information to the people who visit their sites, and allow them to make an informed decision on whether they want to accept cookies. It’s a great idea. Most people using the Web don’t have the faintest clue what a cookie is, and there can be clear privacy concerns around their use.
The way the idea has been put into law is not so great though. Being a directive, it has no direct legal force on the people who run sites. Instead, it is written into the national law of each EU member state. There are rules on what type of law the EU should make, with the general idea being that the law should be made or implemented as close to citizens as possible. But I can’t see how a law that explicitly addresses Web-site operators is something that should exist in patchwork across the continent.
Take this blog as an example: I write it from Belgium, it is hosted in the Netherlands, and it has visitors from every single country in the European Union (and beyond). I would guess that I am bound by Belgian and Dutch law, since I live in Belgium and choose to use a server in the Netherlands. But do I have to abide by the laws of every other EU state?
Putting aside that question (a scan through law journals will show that any blog post will be insufficient to explore it), the patchwork nature of the Directive’s implementation leaves me with two obvious sets of applicable law that have failed to implement, and a third set of laws that I could likely be subject to, that has implemented in a confusing and chaotic way.
Enough has been written on the UK ICO’s application of the ‘Cookies Directive’, I won’t add to that here. What would be nice though, would be some clear information directed at people who run small sites and blogs, on how on earth we are supposed to comply with a law like this.