The text below is my attempt to write a simple template letter that web developers can send to clients, explaining the implications of the new cookie law. It is a work in progress and may be changed at any time. It is published here without copyright and as a work in the Public Domain. (Why not Creative Commons? Because - and this was news to me - there are no CC licences that allow for work to be released without attribution to the original author, and I didn't want anyone using this template to be forced to add attribution to me.)
You are free to re-use this text without attribution to the author, to use it for commercial purposes, to edit and make derivative works, and make changes as you see fit. You are encouraged to make changes, because I'm pretty certain that not everything included here will apply to your company or your clients. I accept no liability for any consequences of your use of this text. If in any doubt about using it, please consult a legal professional.
If you spot any errors, or anything you think should be changed, please get in touch with me (giles at gilest dot org) and I'll be happy to make changes.
The European Union has changed the law covering how websites should work, and this affects you.
Please take a few minutes to read through this document. It deals with some technical issues, but we've tried to explain them in a non-technical way. If you have any questions - which we expect you will - please call us after you've read what follows.
The so-called "cookie law" was passed by the European Union last year, but the UK government allowed an extra year's grace before treating it as law here. That period of grace ceases at the end of this month (May 2012).
The new law affects millions of websites across the EU. To find out how it affects yours, read on.
"Cookie" is geek-speak for a tiny text file left on your computer by websites you visit.
If you know where to look, you'll find hundreds, perhaps thousands of cookies stored on your computer's hard disk. Each one is unique, and relates to a specific website.
Cookies are useful. When you do an online shop with your favourite supermarket and it greets you by name, that's because it detected the cookie stored on your computer from your last visit.
When you click the "Like this on Facebook" button on another website, and your Facebook account automatically opens up showing your profile, that's because of the Facebook cookies on your computer.
Cookies are used all over the place, for all sorts of reasons. They're used routinely by web developers everywhere (including us).
In simple terms, the new law says that website visitors must CHOOSE to accept cookies. Instead of simply saving cookies automatically, every website they visit has to offer them a choice of accepting or rejecting them.
(Strictly speaking, the EU has passed a "directive", which is an instruction to member states telling them they have to create a new law using their existing legislature. When we refer to the "cookie law", we're using that as a simple abbreviation to cover both the EU directive and the law here in the UK.)
To comply, the code of each and every one of those sites now has to include:
On the plus side, the new law says that "essential" cookies can be saved without the user's permission. The definition of what "essential" actually means isn't precise, but as we understand it, it refers to cookies without which the site would just stop working. Even so, the new law requires your site to tell visitors that those cookies exist, even if it doesn't ask for permission to save them.
Also, if a web user decides they don't want cookies, there's only one way for a website to remember that choice - yes, you guessed it, by saving a cookie!
That's one reason why many web developers are unhappy about this law. We understand the need to protect user privacy, but the new law, as it stands, poses enormous problems for website developers like us, and owners like you.
Another problem is communicating the issue to users. Most web users have no idea what cookies are, and will be perplexed when asked if they want them or not.
What's more, cookies are so widespread that people will very quickly get fed up of being asked to grant permission for them on website after website.
The situation is messy. But it's now the law, so we have to deal with it.
Rather surprisingly, most companies haven't done a thing. Millions of them, all over the EU, are breaking the law right now as a result.
We'd like to stress at this point: we are not lawyers. We are web developers, and we're trying to make the best of a bad situation. We do not advocate or condone any of the options listed here: we are simply listing them as possible options.
Our advice is: Don't Panic! We're optimistic that a sensible and pragmatic solution will be possible, especially once larger companies and government departments start taking steps to make their websites compliant.
We hope we have explained everything clearly. If you have any questions, please don't hesitate to get in touch.