Monday, 20 January 2014

Clear or crummy cookie practice?

Every now and again, I stumble across a new website and take a quick squint at the cookie policy.
Don’t worry - it’s not something that is of any interest to me in my real life. But, for professional reasons, I do like to see how the webmaster has addressed the issues that were under such intense scrutiny a couple of years ago. (Oh, how time flies.)

I recently came across a site advertising a conference, to be held in April, on smart cities.

The first thing I noticed was the cookie banner, proclaiming: “We have published a new cookie policy. It explains what cookies are and how we use them on this site. To learn more about cookies and their benefits, please view our cookie policy. If you’d like to disable cookies on this device, please view our cookie policy for information on how to manage cookies. Please be aware that parts of the site will not function correctly if you disable cookies. By closing this message, you consent to our use of cookies on this device in accordance with our cookie policy unless you have disabled them.”

That’s right. This time you get four separate links to the same cookie policy in the four lines of text.

The cookie policy, should the reader click onto it, is a page that contains a bunch of quite accessible information, including a plain English explanation of the each of the 19 cookies that are loaded, and how long they remain. One cookie expires after 10 years, others expire at the end of the browsing session. But at least the webmaster knows what cookies are set, and when they expire.

I just hope the webmaster take as much care reviewing the website to make sure new explanations are added when new cookies are introduced, as they evidently did when creating the original text.

I did chuckle when I read the relevant cookie explanation on Informa’s main website, which explains that: "Websites are now required by law to gain your consent before applying cookies. We use cookies to improve your browsing experience. Parts of the website may not work as expected without them By closing or ignoring this message, you are consenting to our use of cookies."

So, according to Informa, ignoring a message is taken as consenting to the relevant processing,

Another instance, like my last blog post, where the data controller is adamant that silence can be taken as consent.

I must admit that I'm more comfortable with the previous example, with the NHS taking my silence as consent, than I am with Informa's stance. Informa should require the visitor to its website to do something more than just ignore a message to assume consent - I would have preferred an explanation along the lines of: By closing this message or remaining on this website, you are consenting to our use of cookies."

But then again, I'm just being pedantic. How many people really do click through cookie banners and actually read the policies, anyway?