UK startups say they’re ignoring EU cookie laws

· Explainer: What is the European cookie law?
· Context: How Europe is dealing with the cookie crisis

Controversial European privacy rules that require websites to inform users about the cookies are finally hitting Britain this weekend. The country’s startups, however, seem to be taking no notice of them.

“We’re ignoring it and waiting to see who gets sued and what happens,” one London-based startup co-founder told me this week. “We have a ton of revenue-generating work that needs to be done. This is just a distraction that does nothing for the business except waste time and resource.”

The rules, which were originally passed by European regulators in 2009, require users to give consent for non-critical data that websites want to store on their computer — typically through a pop-up dialog telling them about cookies that cover things like advertising and analytics.

But the idea of complying — even if it is the law — doesn’t seem to be cutting much mustard with British web entrepreneurs.

Another unrepentant entrepreneur summed up the mood: he would “ignore it until threatened with legal action,” he told me.

So: what we have is a law that is being ignored by the people it’s meant to apply to. Sound confusing?

That’s because it is. The directive was originally supposed to come into force last year, but when it became apparent that few businesses were ready to cope with the changes by the middle of 2011, Britain’s privacy watchdog, the Information Commissioner’s Office, put the deadline back by a year.

Cookie MonsterTwelve months on, some larger businesses have started to comply with the rules. To take a couple of examples, the Financial Times recently added a pop-up asking users for permission to place tracking cookies, while the BBC has also started asking visitors for their consent.

But the reaction from small companies seems much the same as it was a year ago.

One problem is the half-hearted approach being taken by the ICO, which has never quite bought into the directive. Recently the Information Commissioner David Smith said that although he had the power to fine non-compliant websites as much as £500,000 for breaching privacy regulations, he was not going “suddenly going to launch a torrent of enforcement action.”

Instead, the organization has said it will write to 50 of the U.K.’s most-trafficked websites to remind them of the rules and give them 28 days to comply.

That approach may carry weight with large organizations that don’t want to risk becoming a test case, but it will take forever to trickle down to startup world, where criticism has been vociferous.

Doug Monro of listings startup Adzuna told me that the lack of clarity about the way the rules were supposed to be implemented and enforced simply added to the air of confusion around the issue.

“The rules are clear as mud and, as far as anyone strictly interprets them, stupid,” he said. “Privacy-sensitive users can just change their browser settings or install a tracking-cookie-blocker if they want to reject cookies. The web as we know it would be virtually unusable without any cookies being used, or having to customize my cookie preferences on some pop-up on each of the hundreds of sites I visit.”

Photograph of woman copyright Shutterstock/Kuzmik

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

  • Social media in Q1: commerce and discovery dominated
  • Controversy, courtrooms and the cloud in Q1
  • Facebook’s IPO filing: ideas and implications



GigaOM