April 24, 2012

Given that the IT industry is, almost by definition, innovative and thirsty for new challenges, it seems somewhat surprising that the ‘new cookies law’ provokes what authors in this issue describe as gasps of horror.

It is a surprise partly because the so-called cookies law is not really ‘new’ anymore. It derives from a 2009 Directive and, by the standards of Internet-years, regarding it as ‘new’ three years on is like having Adam Ant as your style guru. The world of IT is used to tough deadlines and adapts to changing public attitudes almost as a reflex but in this situation it was like Manchester United being held to a draw at Old Trafford – it needed lots of extra time.

The Information Commissioner’s Office took pity on the poor souls expected to comply with the law with a mere year or two’s notice, announced a year-long moratorium and has indicated that it will only then be looking hard at those who are not even trying to comply. In light of such an attitude from the enforcement arm, echoing negative reaction from government, it is no wonder that so many see the gasps of horror as a reasonable reaction.

I know that there are those that view the new requirements as unworkable and the product of a wilful failure on the part of the EU Commission to understand e-commerce realities – or even any commercial realities. But the relentless negativity fails to convince me – I have been reminded of that ridiculous parental stance when faced with the unwilling child: there’s no such word as ‘can’t’ (which my own children pretended to assume was a, not untypical, grammatical correction). I have been struggling to avoid using that very phrase because it marks the start of the slippery slope that leads to ‘because I say so’, but I admit that it comes close to summarising my views.

So I am delighted that this issue includes two articles that support the positive view that the Privacy and Electronic Communications Regulations are not e-commerce’s Deep Impact-style ELE (Extinction-level Event). If the account of Experian’s route to compliance from Alex Newson, Aisling Duffy and Holly Cheng hides a welter of moans and groans then it does it well. It suggests that a positive approach, allied to a company-wide commitment and an on-going commitment to adapt, can embrace compliance and still leave web sites with great functionality and the business with an effective and profitable online presence. I hope Robert Bond will forgive me if I detect a less welcoming tone in his piece on the ICC UK Cookie Guide. I am reminded of advice about speed limits which includes a careful identification of which speed cameras actually work and the areas where the police will allow a considerable margin. But here too we have a positive solution which I hope will be widely adopted, even though I am aware of some criticism suggesting that the ICC Guide will fall foul of the EU Commission’s views on informed consent.

For those operating web sites in the UK, and many beyond it, there is only one realistic alternative to taking positive steps leading to compliance with the Privacy and Electronic Communications Regulations. They can emulate Téa Leoni and Maximilian Schell in Deep Impact: just stand on the shore and wait for the wave to hit. They have got until at least 26 May to come up with a better plan and I only hope that SCL members can help them do that.

You might remind them that grumbling just slows you down, and that there is such a word as ‘cant’ – one definition of which is ‘to speak in a whining manner’ and ‘to use language whose meaning has evaporated from continued repetition’.