azrael wrote:A law was passed about being transparent and open with users.
I would argue a law was passed to try apply existing data protection legislation more consistently with that of internet cookies. The technical implementation and communications were very much an afterthought - so no.
We are required to comply with the law, so we are.
Since there was no announcement about what cookies we might be opting in to I've not seen what change has been necessary. For example, the home page sets:
* Session id - something that would fall under an exception, not requiring opt in as it's functional component of the website
* Functional forum cookies
Going beyond our domain, there is:
* Youtube cookie
Presumably other external embedded media might also use/set cookies. I will accept one could argue that youtube needs a disclaimer, just like our use of google analytics
do, but I believe the user experience impact is net negative.
I accept if we wanted to support this law actively it would be the thing to do - but I disagree.
Being open and transparent with users doesn't really go against our political philosophy (even if it does relate to perhaps a rather silly and unnecessary level of openness?).
I will accept it is not in itself negative, other than that of a minor user experience issue - but our implied support of the law is more serious, which is what I'm raising.
Your previous company really ought to obtain legal advice on whether wilfully ignoring this law is a good approach for them.
The company was an agency and therefore not liable for the sites contents, it was the brands they advertised for who bear the liability. All brands were canvassed and quoted for the work necessary to audit and update their sites cookies and policies. Some paid and got annoying 'opt in' screens, most accepted the risk of non-compliance due to reasons of:
* No budget to update their sites - and no tangible financial risk for not doing so to weigh this against
* Non UK brands hosted in the UK who were prepared to move their hosting offshore if needs be
There were internal divisions at the time, with the head of data parroting the ICO's 'everyone without cookie opt in will be fined by the ICO!' through to me saying 'this is a waste of time
'. I have been proven correct so far, and I stand by my position that this is an ineffective, confusing law, that is more about a government legal bureaucrats being seen to be active, attempting to delegate a complex issue down to individual users, than it is securing internet users privacy or encouraging website transparency.