Cookies and you: An update

The EU cookie law goes into effect May 26. This is a great law because finally, all privacy issues will be permanently eradicated from the internet.

If there was ever an example of politicians really "getting" the internet, it would be this. The law requires that you list on your web site all of the cookies that get set by your web site, and the purpose of each cookie. Not even session cookies, or Javascript cookies that are never sent anywhere but simply used as boolean "flags", are exempt; and this makes sense, because cookies of this nature are infamous in hacker circles for their unparalleled ability to steal your credit card, read your email, and sleep with your wife. The law also requires you to get "opt in" permission from a visitor before any cookies can be set. Redirecting every visitor to a page with this information and the ability to opt in to cookies is a great solution, because every additional step between a visitor and a conversion increases revenue by 10x, according to a study from AreYouFreakingKiddingMe, LLC.

We just updated our privacy policy to list all of the cookies that may get set by your site if you have Clicky installed on it, in case you need it. If this law applies to your web site, we're sorry, but you can either explain all of this to your visitors and let them opt in, or follow the instructions here to disable cookies.

We've had the option to disable cookies in tracking for a while, however that was created back when we only had one cookie ("the" tracking cookie). Since then we have added several more, whose purpose is to make the code more efficient and save resources on our end from deactivated/non-paying site (these being the session/boolean cookies mentioned above). Up until now, disabling cookies had no effect on these extra cookies. Because they were never sent to us, we didn't think it would matter. And it shouldn't. But now it does. Our tracking code has been updated so all cookies will be disabled now when this option is set (except one, but that will only be set for sites that are no longer using Clicky but still have the code installed, which is against our terms of service).

UPDATE: A user pointed out that Cloudflare still sets a cookie. We use them for our CDN (static.getclicky.com). Their wiki says that cookies cannot be disabled. We have reached out to them for their plans regarding this law and will update you when we know more.

UPDATE: Interestingly, the BBC, one of the biggest UK web sites, specifically states on their new cookie settings page that they embed third party items such as Youtube and Flickr that set cookies and that these are beyond their control so those cookies will still be set no matter how they decide about cookies served directly by BBC. Does this mean that sites embedding third party content or services, such as Clicky, are exempt from having to worry about these kinds of cookies? Who knows, but it's interesting.

17 comments | May 22 2012 3:47pm

Reader Comments

hi iam boy and eager to become friends , with you if you want my love

saeed May 23 2012 1:25am

The new EU KEBORD law should be coming in to effect soon, controlling and prohibiting the use of a highly insure security loophole with computers and the internet. This coupled with the cookie law should finally stop all fraudulent activity on the internet. By restricting the usage of such highly insecure devices such as the keyboard and mouse we can finally achieve the levels of privacy and security required by the EU Government.

Simon Nicklin May 23 2012 1:28am

This is great news, but I'm having some problems as it doesn't appear to be working for me.

I have posted on the forums http://getclicky.com/forums/?id=12891 but haven't had a response yet :(

If we can get it going, it's a really good selling point to move people off GA!

Deargeek May 24 2012 12:26am

Anychance you guys could create a little script widget we could paste on our sites so that visitors can disable the clicky cookie?

chris May 24 2012 5:17am

Hmm, forgot about Cloudflare's cookies. We use them for our CDN (static.getclicky.com). Their wiki says that cookies cannot be disabled. We have reached out to them for their plans regarding this law and will update you when we know more.

Sean (Clicky) May 24 2012 10:39am

If I'm in the United States, and my site isn't specifically targeting EU visitors even though they do come, do I have to worry about this?

I feel sorry for you guys that do...

Thanks!

Lizabeth May 24 2012 7:49pm

No, it only affects web sites own by people who live in the EU, and for now, only the UK I think.

Sean (Clicky) May 24 2012 8:52pm

i second Chris comment would be much easier if you could create a link for us to allow users to easily opt out of your cookies as other web analytics services have done xx PLEASE

Jen law May 25 2012 6:44am

Jen in order for us to be able to remember that random person X has opted out of our cookies... we'd have to set a cookie. :)

Sean (Clicky) May 25 2012 9:22am

This looks like a great collection of sharp personal! But I'm a little too aged for cookies and a bit to doggone I hope the country boy gets a hobby.
Good luck Hiram!

Roger Warner May 25 2012 1:08pm

One of the key points that also needs to be considered with the new EU cookie law is that an audit needs to made of the cookies on your website(s) and it needs to be documented.

I work in Affiliate Marketing, primarily working with my discount voucher website http://www.latestdiscountvouchers.co.uk, and there has been a lot of help given by the companies that I work with as well as the Internet Advertising Bureau (IAB). The companies are being very pro-active is providing useful information to make it a little easier for their affiliates.

My major headache is that I have a lot of websites, some of which aren't exactly functional, but I'm assuming they all need to have the same treatment regarding the new changes and that is no quick task...

NickG May 27 2012 6:03am

FYI - The UK cookie law implementation was watered down at the last minute:
http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent

The BBC web site has a cookie link at the bottom of the page that includes some interesting information regarding their interpretation of the law (my gold standard). The Cookie Settings page includes a note at the bottom saying that they link to third parties that may set cookies that are outside of their control.

David Miller May 28 2012 6:54am

Thanks David.

Honestly I have no idea what the heck is going on with any of this junk at this point.

Sean (Clicky) May 28 2012 3:10pm

This is all very confusing. I have a number of Wordpress static and blog sites all of which use analytics. Some of those sites are business sites some are just info sites. What do I do? I genuinely have no idea how to press forward with this. (I'm in the UK btw).

Kevin Ball May 29 2012 4:25am

Guys - I wouldn't worry yourself too much with is as an SME - even the those responsible for policing the EU Cookie Directive in the UK, the ICO, don't really know how to properly interpret this

I'd suggest simply including an area on your privacy page which states that you use cookies and generally what for, with a link to find out more via one of the many useful sites such as http://www.whatarecookies.com/

For now they'll be chasing larger organisations but what they'll be chasing, no ones quite knows right now...

Depesh May 29 2012 9:39am

Depesh, yeah that's basically what I've done. Explained I use cookies for logging in and for analytics, linked to whatarecookies and explained how they can switch cookies off but the site might not work!

Kevin Ball May 29 2012 3:26pm

Here is what Financial Times (ft.com) have done to make their website compliant with the EU cookie law: http://i.imgur.com/6YN7P.jpg

It looks nice to me.

Ivan Arnaudov May 31 2012 11:45pm

Recent Comments

Cookies and you: An update

Reader Comments