Web software firm taunts UK data regulator over cookies
A software firm has challenged the UK's Information Commissioner's Office to punish it over its use of web cookies.
Derby-based Silktide said it created nocookielaw.com to highlight the "ineffective" rules put in place in May to clamp down on websites using "tracking" cookies which log user data.
The site says: "Dear ICO, sue us. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters."
The ICO has defended its role.
"We welcome any opportunity to help us draw attention to this matter, as a key part of our work in ensuring compliance with the cookie law has been making businesses aware of the regulations," a spokesman said.
The new rules - set by the EU but only "enforced" in the UK since May - dictate that all British websites must obtain visitors' informed consent before placing cookies on to their computers.
Cookies are small text files that help organise and store browsing information.
The law aims to clamp down on websites using "tracking" cookies which log data about the user as they browse the web. Such cookies are often used to power targeted advertising.
The rule change has led many websites to adopted a variety of design techniques to inform their users.
Most popular is a form of banner or pop-up notifying that cookies are used.'Technically illiterate'
Silktide had produced a range of tools for web developers who wanted to make sure they were not falling foul of the law, but the company now describes the efforts as "a tragic waste of time".
Cookies are small files that allow a website to recognise and track users. The ICO groups them into three overlapping groups:
Files that allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long term and are considered "less privacy intrusive" than persistent cookies.
These remain on the user's device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password during each visit.
First and third-party cookies
A cookie is classed as being first-party if it is set by the site being visited. It might be used to study how people navigate a site.
It is classed as third-party if it is issued by a different server from that of the domain being visited. It could be used to trigger a banner advert based on the visitor's viewing habits.
It added: "The idea of this law is a noble one, it's just a shame it was drafted by a team of technically illiterate octogenarians who couldn't find a button on a mouse."
Oliver Emberton, who owns Silktide, told the BBC that users who had tried to comply with the law were being penalised more than those who had opted to ignore it.
"People are seeing lots of extra banners, and those banners are saying we're doing something bad," he said.
"Ultimately, there are rivals of yours that are not doing that, and don't care.
"In a lot of the cases it's just because they've gone 'yeah whatever, we'll see what happens'. It doesn't make any real difference."Rule flouting
On its page, the company placed a large link to the ICO's complaints procedure, which Mr Emberton also criticised.
"No normal human being would ever be able to fill this form in," he said.
"Even the ones who did would never have the patience to survive it."
He said the ICO had not been in contact with the company about the website or its flouting of the rules.
The ICO told the BBC that the NoCookieLaw.com website would feature in a review on the regulations that is due to be published in November.
"Individuals can raise their concerns about how organisations have implemented the cookies legislation through our website, and we'll look at the content of every website reported to us.
"It's worth noting that this website criticises those regulations, but the ICO is responsible only for regulating those who must comply with the law, and not for how it was drafted."
At the time of the law passing, the ICO said: "If people listen to our advice, and are prepared to take steps towards compliance, there shouldn't be a problem.
"However, if businesses deliberately stop short of total compliance then there is a risk."
In the days leading up to the deadline, the BBC reported that the majority of websites in the UK would not be compliant with the law - including those run by the government.