UK Cookie Consent Banners Draw Complaints

nk497 writes "Earlier this year, the UK's data watchdog the ICO started enforcing an EU rule that means websites must ask visitors before dropping cookies onto their computers. However, it was willing to accept 'implied consent' — telling visitors that cookies are used on the site, and assuming they were fine with that if they keep using the site. That led to banners popping up on every major website, including the ICO's site, warning users about cookies. Now, the ICO has revealed that many of the cookie-related complaints it's received in the past six months are actually about those banners — and the law itself. The ICO said people 'are unhappy with implied consent mechanisms, especially where cookies are placed immediately on entry to the site,' adding 'a significant number of people also raised concerns about the new rules themselves and the effect of usability of websites.'"

The article itself has one

[tepples]

From the featured article:
"We use cookies to ensure that we give you the best experience on our website, including improving
the relevance of advertising from other organisations, as set out in our cookie policy.
By using this website you agree we may place these cookies on your device."

Baffled

[Anonymous Coward]

Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine? Why would I trust a third-party site to respect my wishes on cookies? This whole thing seems like government overreach to me.

Most users are not geeks

[tepples]

Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine?

Because most users other than you have not been trained in how to "very easily manage who [they] allow to put cookies on [their] machine".

Re:Most users are not geeks

[IamTheRealMike]

You don't need to be trained. If you hear about this issue and care, you can just search on Google for "how to disable cookies" and get the main browsers help pages right at the top. This isn't exactly rocket science.

Re:

[Anonymous Coward]

and yet this is a skill most users don't posses.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[davester666]

If only there were some kind of way for people to find out how to drive, say through widespread knowledge of a training and licensing program by the state.

Of course, people should be expected to understand and manage not just regular cookies, but the Flash database [also used for cookies], your browser local-storage [also used for cookies], and probably other places, and know how multiple websites may store/use one or more of these locations to track what you are doing when you visit a single web page. Of

Re:

[tlhIngan]

If only there were some kind of way for people to find out how to drive, say through widespread knowledge of a training and licensing program by the state.

Of course, people should be expected to understand and manage not just regular cookies, but the Flash database [also used for cookies], your browser local-storage [also used for cookies], and probably other places, and know how multiple websites may store/use one or more of these locations to track what you are doing when you visit a single web page. Of c

Re:

[sudon't]

Setting application preferences is hardly a "skill." All anyone really has to know is that: web sites use cookies, and what are the simplest, most basic ways that they are used by web sites. Then you use the cookie managing settings in your browser, or add an extension that does that. Do you really have to be a geek to get that far?
Even so, do we really want all of our legislation aimed at the lowest common denominator? I think we've gone too far in dumbing-down things as it is. Rather than passing a law t

Re:

[tepples]

All anyone really has to know is that: web sites use cookies, and what are the simplest, most basic ways that they are used by web sites. Then you use the cookie managing settings in your browser

That's not enough. Adobe Flash Player has its own cookie storage, for one, and HTML5 added localStorage.

Do you really have to be a geek to get that far?

Yes. As new web technologies add new techniques for saving the state between one offline session and the next, users will need to find new ways to manage these stores of state.

Rather than passing a law that, in saving the most ignorant from themselves, inconveniences everyone else, why not try to educate people a little, instead?

Because education doesn't get politicians reelected.

Re:Most users are not geeks

[frisket]

Setting application preferences is hardly a "skill."

Oh yes it is. Most users have absolutely no idea you can even do this.

Do you really have to be a geek to get that far?

Unfortunately, yes.

Re:

[RajivSLK]

Clearly the law is misdirected. The law, if needed at all, should require web browsers to explain cookies and how to manage them upon install and on their start-up pages.

Perhaps, even require web browsers to make it easier to view cookies by domain or something. A standardized icon that you click which shows you all the locally stored information for a particular site.

Or maybe something akin to the "lock" icon that shows up when a site drops a cookie and clicking on it gives you the option of viewing and

Re:Most users are not geeks

[Fallingcow]

Is the Google in my Internet? I don't think I have the Google. My Internet is Comcast.

Mod Parent +1 Insightful

[JoshDM]

Dear Mom, I would give you all my moderator points if I had them. Now please stop using the computer. -Josh

Re:Most users are not geeks

[dmacleod808]

you forget the subset of the population who does not fundamentally understand how to use google. Step 1. Go to google.com Step 2. Search for Yahoo. Step 3. Click on yahoo. Step 4. Search for gmail.

Re:

[kelemvor4]

I recently saw a woman double clicking links on webpages. They're out there.

Re:

[Anonymous Coward]

I actually forked a copy of Firefox, to require double clicking of links, because I prefer to browse the web that way, and it was unsupported behavior that I couldn't achieve without modifying source code.

Re:Most users are not geeks

[Obfuscant]

It's a natural response to a computer system where you have to double click some things to get them to do something and single click others. Why waste time clicking once, waiting to find out that nothing happened, and then have to double click it again?

Same computer, same mouse, same display, different actions.

I find this to be an issue even in Linux. My desktop has a firefox icon on the desktop, and one in the taskbar at the top. On the desktop, click twice. In the taskbar, click once. I'm very used to seeing the warning from firefox that there is another instance running ...

Re:

[tepples]

So perhaps it might be a good idea to standardize what single and double click do. What's the better way to distinguish the "select" action from the "follow" action?

Re:

[DarwinSurvivor]

I like what dolphin (in KDE) uses. Clicking a file opens it, but each file also has a green "+" in the corner to let you select it. When selected, the green "+" turns into a red "-" to let you de-select it (this also lets you select multile files easily). To deselect all, just click the whitespace between icons.

Re:

[h4rr4r]

That is the real DO NOT TRACK, that is what should be made default in browsers.

Re:

[TheRaven64]

Okay, how do I, on an Android device (I'll make this easy, and you can use your choice of browser):

• Disable all cookies from third-party site (i.e. ones from domains other than the ones that I am browsing to)
• Selectively delete cookies (i.e. keep the ones I want, but delete all of the rest) or
• Ask it to prompt me to either allow-once, permanently allow, or permanently block a site from storing cookies, or
• Give me the option to delete cookies from non-whitelisted when the browser exits, but persist others

If

Re:

[pla]

Because most users other than you have not been trained in how to "very easily manage who [they] allow to put cookies on [their] machine".

"Daddy, why don't we steer the car, like I can on my bike?"
"Well, son, it used to take way too long to train people how to handle such a complex task as steering. So, the government made a law to protect us!"
"So why do I still need to do math in school? That takes too long, too!"
[chuckles], "Don't worry, they'll get rid of that soon enough - No one needs math hard

Re:

[innocent_white_lamb]

Making change?

Nobody knows how to make change any more. I don't have electronic tills in my business and I have NEVER hired anyone to work here who knows how to make change. (Count up, don't subtract.) I have had to teach everyone how it's done.

I guess I'm an old coot, because I remember being taught how to do this in school when I was in, maybe, grade three or thereabouts.

Re:

[Obfuscant]

I guess I'm an old coot, because I remember being taught how to do this in school when I was in, maybe, grade three or thereabouts.

Dude. Teaching kids how to make change requires a reference (if not actual practice with) coins. Coins are a form of money, and it would be insensitive to refer to money when a student may not have any. Or may come from a culture where there are no coins. It could stigmatize that child, stunt their innate desire to learn, or traumatize them when they find out there are things they don't know about.

You insensitive clod.

Re:

[Trepidity]

very easily manage

I think you will find this is not true for the vast majority of people.

However, this regulation doesn't seem to really improve matters, either.

Re:

[innocent_white_lamb]

Firefox Android doesn't. You can "clear all private data" but you have no control other than that. You can't refuse them while browsing, and you can't keep cookies that you might actually want if you "clear all", either.

See? [mozilla.org]

Re:

[TheRaven64]

As far as I can tell, no Android browser has the kind of fine-grained control over cookies that has been standard on desktop browsers for 5-10 years. I sort-of understand if the WebKit installed on Android doesn't have this kind of control that third-party WebKit browsers might not add them (although Chrome uses a different - slower - version of WebKit, so doesn't have this excuse), but why do Opera and FireFox not support sensible cookie management?

Re:

[GuldKalle]

If they really wanted, they could have forced the browser makers to ask about cookies by default. More secure (no chances of sites deploying cookies behind your back) and more user friendly (user can change settings once and for all).

Re:

[jonbryce]

It is only "tracking cookies" that require permission in the EU. Cookies that for example record the items you have placed in your online shopping cart so the site can remember to sell you all of them when you go to the checkout do not require permission.

Re:

[Lumpy]

Why do I need a law about privacy when I can very easily manage who I allow to see me or look at me through the windows in my home? Why would I trust a third-party site to respect my wishes on privacy? This whole thing seems like government overreach to me.

I'll be over with a camera to take photos of you in your home later.

Re:

[Johann Lau]

Seriously? This is the best you can do?

Are you projecting? You are not responding to the post at all, but a strawman.

There IS no law saying that someone cannot look through my window, simply that they cannot come on my property

They said "take photographs". And there are laws against that. There are also laws against harrassment, so if you stood right in front of somebody's window, 24/7, just staring, no judge in the world would say "but the plaintiff can just close the blinds and live in darkness". We're no

Re:

[sunderland56]

Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine?

Pray tell, how do you "easily manage" this?

The problem is, most web sites these days need cookies just to function. Web browers generally have a "allow cookies, but erase them all on exit" setting, which allows you to browse the web, but not get tracked(*). However, I see no easy way of setting things up to allow some sites to place permanent cookies, and all others to have them erased on exit.

(*) - of course, cookies are only one of the ways web sites can track you....

Re:

[innocent_white_lamb]

Firefox (non-Antroid version) does this quite simply. You just set the default to accept no cookies, then temporarily allow cookies and create exceptions ("Allow" or "Allow for session") as needed.

It's kind of like setting up Noscript to manage javascript and flash -- a few days of pain and anguish is required to get everything set up to work with what you need, and then after that it just works.

I wish Firefox Android allowed this too, but it doesn't.

Re:

[troll -1]

Mod parent up. Making laws against cookies is nothing more than government self-promotional propaganda. Governments do this all the time to justify their power. One of the biggest cons ever is the government convincing you that you need them to protect you because you're not smart enough to look after yourself. And without the government protecting you people will do bad things to you -- with cookies. What the government does all the time is look for the slightest issue, create a law for it, and then try to

Re:

[Johann Lau]

Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine?

Exactly! And why do we need laws against rape, since I am clearly able to defend myself?!?

Why would I trust a third-party site to respect my wishes on cookies?

Why would you assume they need your cooperation? There are plenty ways to track you without setting cookies, including etags and fingerprinting. Technically there is fuck all you can do about those; legally, they fall under the same umbrella.

Of cou

Re:

[Synerg1y]

Consider the other internet laws they're trying to pass in the UK in regards to social networks & ISP monitoring, etc... this law is relatively minor in comparison to the absurdity of it's neighbors.

Re:

[LingNoi]

because politicians and privacy groups upset about cookie tracking went way overboard and fucked the web for everyone.

Re:

[KingBenny]

yah, demonstration of insight by the lawmen and makers i suppose, if they need to do this then they need to enforce your standard browser automatically ask or warn at every cookie unless you explicitly deny it because it gets in the way of about everything ?
advice costs souls, beware

Re:

[beefsack]

What confuses me is why isn't this implemented as a browser mechanism? Simple cookies aren't useful if they aren't returned on subsequent requests, if it's blocked by an action on the client side, then there's no issue.

Blocking things like Flash cookies are another story though.

Irony

[Rik Sweeney]

These banners annoy the living crap out of me. Every time I go to a website, they pop up, obstructing the screen.

Of course, there is a way to make them go away, by accepting the cookies on the website.

Whereas before I could just discard cookies upon exit, I now have to permanently accept them just to stop these banners appearing.

Oh, the irony!

Re:

[Anonymous Coward]

Use an adblocker to block the <div> they're related to. Job done!

Re:

[wangi]

Kwikfit: http://www.kwik-fit.com/ [kwik-fit.com]
(but in doing so, and giving four levels of cookie control it's way too complicated)

Re:

[antdude]

So, use an ad blocker. :P

android browser

[Dark$ide]

The fucking pointless cookie popups are a monster PITA on my phone. Especially when I clear them every time I close thr browser to save space.

Re:

[Fallingcow]

They should leave a long-lived cookie to let the page know that you've already seen and closed the banner.

Re:

[h4rr4r]

Golf clap.

Bad Law

[TheNinjaroach]

If I didn't want to have cookies on my PC, I'd disable them in the browser. This bad law annoys the crap out of me, and I don't even live in the country that implemented it.

Re:

[TheNinjaroach]

Incognito / Private Browsing hasn't accomplished that already?

Re:

[91degrees]

Not everyone has the technical knowledge to do that, or to really know what cookies are or quite how common they are.

Good 'ol EU

[Anonymous Coward]

an EU rule that means websites must ask visitors before dropping cookies onto their computers

First I've heard of the rule.

Hah. How ridiculous. Wonder how the people who decided this was a good idea felt when they discovered nearly every damn website on the internet uses cookies.

Step 1...

[fuzzyfuzzyfungus]

1. Law is passed in an attempt to curtail your behavior.

2. You object to this law and wish to continue doing whatever the fuck you want.

3. You implement the most annoying clickwrap contract-of-adhesion you can come up with to stay within the letter of the law, continue doing whatever the fuck you want, and imply to your customers that regulatory meany-heads are to blame for their experience sucking.

4. Profit!

Re:

[IamTheRealMike]

The law requires exactly what is being done, so much so that the regulators themselves do this (thus setting an example for everyone else). How exactly is this some nefarious plot by website operators, again?

Re:

[h4rr4r]

Because an easier solution would be to not use cookies?

There is no benefit for their use to me on 90% of the pages I visit. No targeted advertising is not a benefit, it is the opposite.

Without a cookie, you cannot log in

[tepples]

There is no benefit for their use to me on 90% of the pages I visit.

All that tells me is that you browse more web sites as a visitor than as a registered user. Without a cookie, you cannot post on Slashdot as h4rr4r; you can only post as Anonymous Coward. Without a cookie, you cannot read your webmail. Without a cookie, you cannot buy things from online stores that use a shopping cart (your cart ID is stored in a cookie) or 1-click shopping (which requires being logged in); instead, you have to copy and paste all the SKUs into the window with the payment form. Or would you

Re:

[jonbryce]

Taking your points in turn

1. Put a short one paragraph explanation between the password box and the login button
2. Put a short one paragraph explanation between the password box and the login button
3. The EU regulations don't require you to ask permission for shopping cart id cookies

Re:

[tepples]

Is the short paragraph on this login page [philshobbyshop.com] good enough?

Re:

[jonbryce]

Yes, but if all the cookie does is distinguish my session from other people's sessions, then you don't need permission and you don't need to notify at all.

Re:

[h4rr4r]

Sure so I need a cookie on Slashdot, Amazon and I don't often use webmail so that would be about it.

The other 90% of webpages I don't login too, I do not need them tracking me or advertising things they saw me look at on amazon.

I think that outside of shopping and sites I log into, I do not want cookies.

Re:Step 1...

[Anonymous Coward]

By purposfully mis-interpreting the law, both in action as in "oh whoo me" bullsh*t messages going out to Joe public.

For instance: websites do not need to ask for permission for cookies needed for the programs on the site itself needed to run it -- they are just not allowed to keep any identifiable info after the visitor leaves.

As for a ruling most websites most often conveniently forget ? That they must provide information what they will do with the personal identifiable data once you accept that cookie.

Oh yeah, and the minor point that its not actually about that cookie, but instead of them not being allowed to follow you (no matter the method, including stuf like 1x1 images on the webpage) as long as you do not agree to it.

Yes, many of them they have interpreted the law either as not to effect them (for whatever reason), as a kind of EULA thing (You do not need to know what you are agreeing to, just click "OK" and all will be fine), or have created a popup hell for the user.

Oh, by the way: Did you know that cookies without personal identifiable data in them are already exempt from that cookie law ? Meaning that something like a "FollowMe=No" cookie may be placed without even needing to ask the visitor ? I'm sure they do not (want to) know that either.

Captcha: detach
How fitting.

Re:

[olau]

Look, the whole purpose of cookies is to store a bit of information so you can track the visitor through what is otherwise a stateless protocol. The idea is that you store a small id (the cookie) which you then match up to something you've stored in your database, e.g. the user account, or shopping basket, or whatever. That's what they are intended for.

Yes, there are other ways to track sessions, but they suck more.

Your whole rant smells of someone who has little knowledge of how HTTP works. For instance, h

Re:

[AmiMoJo]

And then find no-one visits your irritating web site.

Of COURSE There Are Complaints!

[Y-Crate]

They're not Biscuit Consent Banners!

BrE: biscuit

[tepples]

I thought the baked dessert was called a "biscuit" in Great Britain.

Re:

[jonbryce]

In Britain, a cookie is a specific type of biscuit that looks like this https://www.privacyinternational.org/sites/privacyinternational.org/files/main-images/blog/cookies.jpg [privacyinternational.org]

Typically devised by idiots

[Anonymous Coward]

The cookies system of consent might be ok if they had been devised by three year olds, but having left it to overpaid politicians, they are not.

Specifically:
1. they popup for all sites
2. they cost users money since its extra bandwidth; on mobiles with the crappy browsers, often clicking on ok, assuming you can actually hit the silly little X icon, result in a retransfer of the web page
3. almost none of the web sites understand who you are, so you see them continuously
4. they appear right in the middle of the (pitifully few words of) text which appear on most web sites
5. they are difficult/impossible to block across the range of browsers a real user needs
6. most people, myself included, have no clue what the point of this exercise is

Sure, I dont want to be tracked - so just dont track me. Dont put pointless garbage on my screen which nobody cares about.

Honestly, bring back the three year olds !

Not so much about usability

[Anonymous Coward]

Joe Schmoe is just going to click away the banner.
I.e. usability of all the sites remains pretty much the same. It's just that every site now shows an irritating pop-up which any Joe Schmoe will click away before continuing the way things were in the first place.

Net positive effect: Zero.
Net negative effect: Nothing accomplished, all the same privacy issues are still there but it takes a click more to use those sites.

Of course it is hard

[mlwmohawk]

The spirit of the law is to protect users. The people creating sites don't care, and are, in fact, hostile to any such consideration.

In all reality, cookies enable some pretty good behavior on web sites, but more often than not, are designed to track user behavior against their own interests.

Re:Of course it is hard

[omnichad]

cookies enable some pretty good behavior on web sites

Right. If you don't block cookies using browser settings, the web site needs to store a cookie on your computer to remember that you don't want to store cookies!

Re:

[Anonymous Coward]

Sir, please shut down your computer and step away from it carefully. We will send a dispatch to relieve you of it.

Or, more bluntly: You have not understood the first thing about the cookie law.

A website may place as many cookies as it wants as long as they do not contain any personal identifiable data.

Yes, they may place a cookie with contents like "FollowMe=No" on your computer without even having to ask you ! And they are fully within the law when they read that cookie back without having asked you for

Re:

[olau]

In all reality, cookies enable some pretty good behavior on web sites, but more often than not, are designed to track user behavior against their own interests.

That's just plain bullshit. Cookies were introduced to solve a real problem. The fact that people hang out on crappy gossip sites that get their income from shady ads is just unfortunate. Do you really think this law will cause those sites to change their behaviour? No, they just need to trick people into saying yes - and that should be easy given all the legitimate sites now need to ask too.

This directive is a big fail. I believe most European countries have privacy laws in place to crack down on those sha

A Better Concern

[Shaltenn]

Why are these websites loading cookies the moment you go to a page, before you can even login or present them with data that is worthwhile to have in a cookie? If nothing else you should take this as a warning as to what websites are tracking you across the internet, and to just flat out avoid them.

Re:

[Miamicanes]

Basically, programming convenience and bug-avoidance. This is a particularly big deal with languages like PHP that embed server-side code into HTML content -- by the time your code realizes that it needs to store something in session context, the header has already been committed (and probably sent). It's not *completely* impossible to work around, but it's a major pain. It's much easier to just set the cookie and establish the session so it'll be there and ready to use when and if you end up needing it.

In

List of recently viewed pages

[tepples]

Why are these websites loading cookies the moment you go to a page, before you can even login or present them with data that is worthwhile to have in a cookie?

Take Phil's Hobby Shop [philshobbyshop.com] for example. When you display a product's page, it adds the product to a list of recently viewed product pages, which is displayed at the left side of the product page. And to separate your list from other users' lists, it needs to store an anonymous session identifier in a cookie called philshobbyshop_sessionid. These anonymous sessions end after 16 hours and do not identify a user unless the user clicks "Log in" to convert the session to a logged-in session. All this is explained on

Mobile Browsers

[timmyf2371]

By now, I think we all get it - non-techies included; if we visit a website, we might get a cookie installed onto our computers. These intrusive banners have made that perfectly clear to the point where it is now extremely annoying.

I especially hate it on my phone. Due to the nature of my interactions with apps like Twitter, I quite often end up visiting sites I've never visited before. And these floating banners with the X are incredibly difficult to close and get rid of - hampering my browsing experience.

I understand that the people who came up with this idea probably had their heart in the right place, but seriously, it really needs to stop.

But I thought...

[ab_iron]

They were called Briskets in the UK.

Re:

[ab_iron]

Damn auto correct!

cookies are OK

[bertomatic]

I don't have any problem with a site wanting to use cookies, and putting them on my computer. What I do have a problem is when a site "reads" information (cookies/history/etc.) and sends that info up the chain. That is what should be banned. "They" have no right reading anything on my computer w/o my consent.

Don't mess with what you don't understand

[Hentes]

Governments should keep their hands out of the internet.

Greasemonkey to the rescue!

[hack slash]

I discovered on at least one site that blocking cookies for them meant that the banner never goes away!

Bloody annoying!

So I hacked up a Greasemonkey script to remove the banners.

The problem is sharing not gathering

[EmperorOfCanada]

I don't care if any single company gathers information. They can gather away and store the information like squirrels in little burrows they dug in the hillside. What I do care about is when they share the data. This whole "trusted third parties" crap is well crap. I really really get upset when I hear about companies that gather up personal data and then sell it on to other companies that start vacuuming it all together to start building a profile as you move through the internet.

So if these politicians