Cookies. Cookie controls. Non-cookie cookie-like technologies. User choice. GDPR. First party. Third party. Data walls. Tracking walls. Consent.
Yelling. So, so much yelling. Websites yelling at you, your boss yelling at you, your subordinates yelling at you, the data controller yelling at you, you yelling at websites that are forever yelling “TAKE MY COOKIES OR I WILL KILL THE PUPPIES!”
Please let it stop.
You thought it was all over, didn’t you? Back in 2010/11 the world went a bit loopy trying to get in line with the legendary “Cookie Directive”, and banners and pop-ups and crude begging for so-called consent plastered a billion websites like some bureaucratic reimagining of a Tripod site from the good old days. After a while ICO muttered some soothing words to the effect of, cool it Kermit (but stay on edge). And the tide of banners receded for a while.
Then in May 2018 the General Data Protection Regulation (GDPR) came into effect in the European Union and the nightmare returned. This time, though, the equivalent of the Cookie Directive was wearing big kid pants and carrying. And it was standing in the imposing shadow of its beefy mate, the GDPR. This fact at least meant it wasn’t just the web team in the rifle-sights: the whole organisation was panicking back in May ’18.
I let it all wash over me to some extent because, back last spring, I knew that my impending redundancy would make it S.E.P. and I’d be busy with an exciting new world of freelance consulting. But there’s really no avoiding it in my line of work or, more significantly, as a user of websites. So after a while of being increasingly annoyed at — but also confused by — the notices I was seeing, the permissions they were seeking, and the results of giving or withholding those consents, I vowed to dig deeper.
I’ve made it back but damn, that’s some rabbit-hole.
I started to write up what I learnt from my trip into Cookie Wonderland because, approaching a year in, I don’t believe most people actually know what’s going on, why, or what they should be doing whether as a user of websites or as a site owner/manager. Although GDPR stretches far beyond websites and online activity, it is this re-proliferation of “cookie consent” notices that’s likely to have been most obvious day-to-day through the window of your browser, and I believe things could be a lot better.
All this means going deeper than you might have thought necessary. But after all, if you are to seek “informed consent” (and if you are to give it), shouldn’t you be well informed yourself? So we will look at the legal background, the technology, mechanisms of control, good and bad practice, what to do as a user, and my wish-list. Probably. There should be lots of examples (especially bad ones).
Note: my background is in the non-profit sector (cultural heritage to be exact: museums and the like) and my perspective is coloured by that; if I write something confusing then just imagine you run a museum website and see if it makes more sense.
Posts in The Great Cookie Conundrum (more will be added as they are published)
- I don’t know what we’re yelling about! <- you are here
- What is the deal with GDPR, the Cookie Directive and the ePrivacy Regulation?
- Sugar and spice and slugs and snails
- Giving back control
- Judgement day
- How (cookie) consent management works