Cookies and the law


You are reading one of the very, very, few websites in the world that fully complies with the law regarding ‘cookies’.

The author of this page is both an English barrister, and an experienced software engineer. That means that I am qualified to bore you about two subjects! (Actually, I can bore you on many more than 2 subjects, but only 2 are herein relevant, as we lawyers say.)

Cookies are tiny and harmless bits of data that a website leaves on a visiting computer or similar device.

There is a very good and sensible reason for this. We like to count our visitors, and also like to know who are new first-time visitors, and who are repeat returning visitors. To do this, our website leaves a cookie to mark a computer as having visited the website. [More technical details about cookies are at the bottom of this page.]

Because cookies uniquely identity a computer, they also potentially identify the user of that computer. Some useless nit-pickers might therefore argue that these cookies might impinge upon the privacy of a human being. There are herds of useless nit-pickers about. They are called bureaucrats, and the US government and the European Union employ droves of them.

Websites are therefore obliged by law to tell you that they use cookies, and to gain your informed consent. (You are deemed to be informed if the information is made available, whether you read it or not. You are deemed to consent by continuing to use the website.)

This law is of no use to you whatsoever. Practically every website uses cookies. If you don’t like cookies, you might as well abandon internet use. (Otherwise, you can set your browser to refuse to accept cookies. Except that you don’t know how to do it. If you knew how, you would already know about cookies, and you wouldn’t be bothering to read this page!) Laws such as this serve only two purposes. Firstly they keep bureaucrats in work. Secondly they give governments excuses to impose massive fines on non-complying websites that annoy them. [More details about legislation are at the bottom of this page.]

There are 3 types of websites. The majority break the law by using cookies and not telling visitors. Practically all the rest only partly obey the law; they tell you that they use cookies without explaining why, so your consent is not truly informed. Very few websites fully comply with the law: there’s this one, and I don’t know any others.

Thank you for reading this. If anybody at all has really read it, please send a tweet to @BigGoodJohn so that I will know that I did not live in vain!



Cookies – Technical details

This section is not actually necessary. I will finish it as a penance whenever I do something awful, like leaving the lid off the honey jar. (See? I really am a software engineer. We prefer writing for compilers.)

Computer cookies are named after the US sweet baked goods. They are what the UK calls sweet biscuits. You could break millions of cookies in half, but only the 2 halves from each individual cookie would match. In the same way, half-cookies on a website will only match half-cookies on a computer that the website has seen before.


Legislation in detail

This section is not actually necessary. I will finish it as a treat whenever I do something praiseworthy, like helping a hedgehog across the road. (See? I really am a lawyer. Only a lawyer could have fun waffling on about convoluted regulations.)

The key legislation in the EU is Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

This is commonly referred to as the “ePrivacy Directive” for short.

In this Directive, Article 5(3) states: “Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.”

In the USA, the FCC has a functionally identical rule for government departments and agencies. FCC is short for the Federal Communications Commission. This agency regulates interstate and international communications by the internet, and is the United States’ primary authority for communications laws, regulation and technological innovation. Insofar as nearly all USA websites are visible to the whole globe, they fall under the FCC’s jurisdiction.