EU UK Cookie Law Police Websites Fall Foul

The pitiful state of the UK Cookie Laws

The Sorry State of UK Cookie Law Compliance

In recent years politicians and law makers have really fought hard to bring laws and regulation to the internet, often unnecessarily and with risible results.

The reason behind this is that the politicians that come up with the laws and write the regulations are, for the most part, totally and utterly clueless to how the internet works. You have to remember that these politicians are usually 50+ and are totally blindsided by the rapid growth of the internet and the changes in society that this brings.
These very politicians often view the internet in an entirely antiquated and non-enforceable way, yet they have an enormous power to wield law and legislation over it.

This is a terribly worrying state of affairs.

A fine example of this is the EU cookie law (e-Privacy Directive) a guide to which can be found on the Information Comissioners Office (ICO) Website: here

In fact, they even provide an exhaustive guide to the cookie law and steps to take to ensure proper compliance: here

However, I know we are all children of the TL;DR generation so lets skip to the main points:

  • Websites MUST acquire the consent of users prior to placing cookies on their computer
  • Implied consent can only be assumed provided reasonable warnings/information has been given

OK, so if your website operates in the UK, and you use cookies to store data on users, you need to get permission to store this data.

So let’s take a look at how websites have dealt with this:

One of the most obvious implementations is with the BBC:BBC Cookie Law Compliance

BBC Cookie Law Compliance


Google also complies fully with the regulations:Google Cookie Law Compliance

Google Cookie Law Compliance


As do the major political parties:
Conservatives Cookie Law Compliance

Conservatives Cookie Law Compliance

Labour Cookie Law Compliance

Labour Cookie Law Compliance

And, most notably, also even the websites of the extreme right wing political group: The British National Party:
BNP Google Cookie Compliance

BNP Google Cookie Compliance


Great, so there is a law in place and everyone follows the law and all is well.

Well, not so fast.

Clearly there is this law in place, so to whom should we turn when someone breaks this law?
Surely, if someone breaks the law, you would turn to the police to save the day and punish the bad guys, right?
I mean, if even the fascist, right wing, morally abhorrent, BNP follow this law on their website, surely we can trust that our own police services will fall in line with compliance here.

Could you imagine the level of embarrassment to be had if your local police website broke a law that was followed by such an otherwise appalling organisation?

Lets take Northumbria Police as a quick test:
Northumbria Police Lack of Cookie Law Compliance

Northumbria Police Lack of Cookie Law Compliance


No obvious request for consent in relation to the placing and storing of cookies.
Perhaps the website doesn’t place any cookies, and so it doesn’t need to request consent from the visitor?
let’s take a look:
Northumbria Police Cookies

Northumbria Police Cookies


Well, fuck.

So cookies are placed on the users computer, and no request for consent is made.
Perhaps we can say that the user has given “implied consent” because the website makes a warning on it somewhere that they accept the cookies.
Besides, anyone that chooses to visit the website knows that they are visiting the Northumbria police website.
So by choosing to visit the site in the first place they are giving consent to have cookies tracked, right?

Well, not really.

For example try the following link: I do not give the Northumbria Police website any consent to track any cookies. No consent is hereby given or implied in any form

Oops.

So the Northumbrian Police website places cookies on the users computer without any explicit consent from the user or reasonable steps taken to ensure implied consent.

The worst part is, this isn’t exclusive to Northumbria police. In fact many of the local police websites fall equally foul of the law.

On the face of this we can make the following, and quite worrying, objective statement:

“The BNP have a more legally compliant website than Northumbria Police”

Quis custodiet ipsos custodes?