Five Years of Cookie Law: Politicians’ good intentions and incompetence create security, privacy nightmare
Five years with the “cookie law”, taking effect in 2011, shows how politicians’ good intentions – when coupled with incompetence – can create a security and privacy nightmare. It was supposed to give users choice, privacy, and security. Its effect, over and above causing developer facedesks and headaches, has been the exact opposite.
In 2009, the European Parliament adopted an amended Directive on Privacy and Electronic Communications. The major new thing in the 2009 amendment of these rules was something called “consent for cookies” – requiring all users to agree to cookies being stored onto their computer from all websites.
It’s important to remember that this legislative directive – the European equivalent of a federal law – was voted on by people who get their e-mail printed for them by secretaries, and therefore believe they understand what this Interwebs thing is about. No, seriously. That’s actually what the European Parliament looks like still, and most certainly looked like two terms ago (early 2009).
The overall idea was that users have to give consent for tracking cookies to be placed on their computers – overall, to give consent to being tracked. But the nature of websites by 2009 was already past using cookies for tracking only; cookies are being used for the entire interaction with the user, from authentication to preferences. Even something as simple as a WordPress blog places cookies on every visitor’s browser (although most blog admins disable this for performance reasons).
In any case, requiring opt-in for this in the website interface, as opposed to in the browser options, has created a privacy and security nightmare that will take decades to undo. This is what happens when good intentions meets technical incompetence.
The only net effect of the cookie law is that every user has been conditioned to click “Yes, I agree” on any popup that appears when they go to a new website.
As these cookie consent dialogs take vastly different shapes, the average user won’t be able to tell a “Allow cookies? Yes/no” dialog from a “Install malware? Yes/no” one. And hence, political incompetence has created a privacy nightmare for the masses.
Privacy remains your own responsibility.