So you will now be seeing lots of messages on all your favourite websites talking about cookies and while it may sound like a very tasty subject it's a thorn in the side of web developers and web users alike.
Some European bureaucrat in his infinite wisdom has decided that it was insufficient being able to see what cookies have been saved from the settings menus in the browser and that websites should have to go to the expense of overhauling their sites to ask permission before cookies are saved (even though a site may fundamentally not work like that).
It's worth saying here that cookies are completely safe. They are just small text files that a website can save on the computer once a page has been visited, other websites cannot view these cookies and they are so small in size that the storage space is insignificant. While a website can put whatever text they like in them there would be no point putting malicious code in it because there is no way to trigger the code.
It seems the government is trying to fix the unemployment problem by giving thousands of programmers menial jobs to do.
As well as the massive task of changing all these websites what other problems are there?
Well I'm pleased you asked...
The first few seconds a user spends when they initially come to a website are so important and I cannot overstate this enough, it would be terrible if this time was spent reading about cookies. Websites could find they have a decreased average time on site and an increased bounce rate (users leaving them). Does this now put American websites at an advantage over our own now? Websites spend a lot of time and money making sure the right messages are displayed in the right order in the first milliseconds a user spends looking at the site, and this is going to be counterproductive to all this research.
Displaying messages to the user about cookies can be confusing, worrying and off-putting. Most websites have no choice but to put a large message up on every page, using some of their precious screen space, and I believe this is not what web users want. Every click a user makes is crucial and it is a challenge for web designers to keep their attention so the user doesn't leave the site. This has now been made a bit harder because we will have to get that extra click asking permission to save cookies.
I don't know how search engines are going to handle all this new text information, it is likely that any cookie messages that will be displayed will also be in a prime SEO location, so it could negatively impact sites (however Google are too smart to let this happen). I feel sorry for websites legitimately trying to sell edible cookies because they now have to literally compete with millions of other websites.
I am also unsure why the onus has been put on the websites to improve things, it seems to be the least efficient way to manage this because of the vast number of websites that now need to be changed.
At the heart of this is trying to get web developers and web users alike to question why a cookie has been saved. A web developer needs to ask "Do I really need to save this cookie?" and a web user needs to ask "Do I really want this cookie saved?".
Other ways this situation could have been handled:
- Simple user education, if internet users knew what cookies are and what they do they can make their own risk assessment.
- Categorising the cookies, it would be very easy to programatically guess what is contained in the cookie and once this has been done either by the browser or a separate program different cookies could be handled in different ways. This program could look for session ID's and only allow them for a maximum of 30 days, or reject cookies that look like they are storing E-mail addresses.
- Third party tools for managing cookies, programs could be written that pop up when a cookie is being saved and what that cookie contained, the user could then either accept or reject the cookie. The program could even heuristically learn how to handle cookies in the future. I'm sure some antivirus companies would love to get involved with this.
- Make it easier for users to see what is contained in a cookie so they can remove it if it is personal.
- All browsers already give the functionality to view and remove cookies, and I don't think the browser companies should be left with the responsibility either, however one option is to radically improve how browsers manage cookies and how they are managed by the user.
- Change the cookie system to allow a description of how the cookie is used to be saved, this is the most complex however I love the idea of a small notes field where a programmer can say why a cookie was saved and this gives the user even move information about when and why cookies are used.
We are really unhappy about the changes, however we have no choice but to follow the law. I think the reason for making the law change was unnecessary and will have a big impact on many companies when there were other ways that the problem (if there is even a problem and I don't think there is) could have been solved that would have given some companies more opportunities to develop new technologies or update the existing cookie technology.
I also think that some EU council member got caught by his wife looking at porn from the cookies that were left on his computer.
tldr: The websites that are legitimate will have to spend loads of money, time and resources implementing the cookie law, while the websites that are trying to hide their cookies will just not say they save any.