« Previous | Main | Next »

How BBC Online will meet changes to UK cookie laws

Post categories:

Kate Leece | 09:32 UK time, Thursday, 26 May 2011

Today European privacy laws come into force in the UK, with the intention of giving internet users more control over the data websites gather about them. New rules require websites to obtain consent when placing 'cookies' on your computer, mobile or other device. Cookies are used all over the web for a variety of reasons - from enabling basic functionality to help the web remember your preferences, to creating detailed profiles of your browsing activity. I want to update you on how the BBC will be approaching this change.

The Information Commissioner's Office (ICO) published guidance on changes to the cookies rules earlier this month to clarify how websites should obtain user consent for cookies. A further ICO news release yesterday confirmed that the ICO would give website owners up to 12 months to comply with the new cookies law before enforcement begins. This is because currently there is no easy technical way to enable individual cookie consent.

While some might welcome a pop up which asked for consent every time a cookie was used on a website, others might find it significantly spoiled their experience. The Government recognises that the technical solutions are not yet there, and is working with industry to agree the easiest (and least intrusive) way to enable websites to obtain users' consent to individual cookies. There is a debate about what consent means, but the crucial point is that users should be able to give informed consent, in other words, websites need to be very clear about what cookies they are using and why, and ensure that users have a choice.

How will the BBC comply with the law change?

Today we're publishing an updated list of the main cookies in use across BBC Online and what each is used for. It also tells you how you can control cookies by setting your computer, mobile or other device to notify you when a cookie is issued, or to opt out of cookies altogether.

We're also reviewing the ICO Guidance and starting to develop a plan to achieve compliance for BBC Online. This is going to involve reviewing the different types of cookies in use and deciding on the best method of obtaining consent from users in each case, and making technical changes where appropriate.

We'll continue to provide you with clear signposting to the cookies we use on BBC Online, so that you can make informed decisions about them, whilst being able to enjoy the best possible user experience across our web offering.

How does the BBC use cookies?

The BBC is committed to protecting you and your family's personal information when you're using BBC Online, and to providing users with a clear understanding of how and why we use cookies.

Cookies allow us to tailor our websites to you. For example, if you've customised your homepage we'll use cookies to store information about your preferred layout. If you tell us you always want to receive the weather forecast for Birmingham, we use cookies to save your location preference.

We also use cookies for internal purposes to help us to provide you with a better user experience. Information supplied by cookies helps us to analyse the profile of our visitors and to improve how we present our content to you.

Certain areas of BBC Online also use a specific type of cookie, called Flash cookies, for particular functions - for example, to help an online game work effectively on your device. More information about Flash cookies can be found here.

Finally, if you're outside the UK, you'll see the international version of BBC Online, bbc.com, which features advertising. A certain amount of this advertising is tailored to the individual user. This "onsite behavioural targeting" uses cookies to discover general information about the pages you visit. The tracking system is anonymised: it doesn't know who you are; it simply uses the limited information available to it to serve ads to you which it believes are relevant. More information about the use of onsite behavioural targeting, and how you can opt out from it, can be found here.

Other useful links: https://www/allaboutcookies.org

Kate Leece is Head of Legal & Business Affairs, BBC Future Media & Technology


  • Comment number 1.

    I may be wrong but I got the impression it was only 'third party' cookies that were affected by the new EU rules. For example Google Analytics (as used by BBC) are apparently "first-party cookies" according to their documents https://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html so presumably wouldn't be affected.

  • Comment number 2.

    I wonder if the Daily Mail will be warning us about more unworkable EU Regulation?

  • Comment number 3.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 4.

    Ref #1 - Keith - my understanding is that the new regulations apply to all cookies - see this useful ICO document.


  • Comment number 5.

    What would be really good is if they integrated it into the browser that way each website could just add themselves to the list with the browser and the user simply clicks yes or no when the browser alerts them

  • Comment number 6.

    I've had cookie control from Firefox for years. It doesn't stop me enjoying the web. It might be stopping people getting hold of info I do not wish them to have. It's exactly that: a pop-up asks if you want to allow the cookie (and ten others ftrom the same site). I only leave in place cookies from those I need to have them there.

  • Comment number 7.

    Cookies crumbling?

  • Comment number 8.

    This is a nonsense. Cookies help give a better web browsing experience. I once had virus software that asked me about every cookie and it was the most annoying thing ever. Many people will have hundreds of cookies added every day. It's unrealistic to think that they should decide whether they want each particular one. If I stoppped to read what each one was about I wouldn't have time to do any work. The EU should stop inteferring in people's lives.

  • Comment number 9.

    If a user says please don't store any cookies, how will the website remember this? The user will be treated as a new user each time, and get asked each time. Meaning the only viable option for the user is to say yes, defeating the point of this. Cookie control and regulation should be done by the browser not the websites, the law is targeting the wrong party. The BBC should protest and refuse to implement any of this. It will lead to non EU services being more user friendly, this will discourage people to host websites in the EU, stifling innovation and making the web slower for users. This law is ridiculous and must be stopped. Secondly the majority of users don't know what a cookie is, asking them for consent will only scare them. PLEASE DO NOT GO THROUGH WITH THIS.

  • Comment number 10.

    Briantist - I hope the Daily Mail will be warning us, because someone needs to. It is not up to governements to dictate to people what they can and can't do. If you don't want cookies, just switch them off at browser level. It really is that simple. We don't need politicians and bureaucrats getting involved. They already waste too much of our money.

  • Comment number 11.

    If you use Mozilla Firefox and use their add-on app called 'No Script' you are able to control which cookies run on your computer.

  • Comment number 12.

    This is the first time i've heard about this new law. I'm a web designer and almost all of my sites put cookies on people's sites. There is no harm from this. This will will be a headache for me. I can't see this as being workable. no way. in just 12 months.

  • Comment number 13.

    Lets get this right. Cookies sre entirely for the benefit of providers and do almost nothing for the customer. The way they are installed is completely unethical and so unforgivable. I don't want masses of unknown nerds tracking me because I use the internet. I don't want people making money from me, without me knowing. Their use should be banned completely and if someone wants to "improve my experience' let them do it via their own servers.

  • Comment number 14.

    Given that cookies (and sessions, a form of cookie) are mainly used for login system, to keep you "securely" logged in to websites for e-stores and browser based e-mail services I can't see how they are going to enforce this law without users becoming annoyed and frustrated. I can see an extra half a dozen pages added to Terms of Use documents for the poor customers to pour though just to make even the most basic websites legal. So much for smoother integrated experiences for users who have the chance to disable cookies if they wish anyway. Those that currently don't understand aren't going to be enlighten by a box asking if they want them installed, rather just frustrated that they clicked no, "I don't want to give my information away" and then screaming, "the box with lights isn't doing what I want."

  • Comment number 15.

    This comment was removed because the moderators found it broke the rules of broken English. Explain

  • Comment number 16.

    @wickedlymale, this is exactly the problem this law will cause, people saying no cookies at all, (then they will complain that somethings not working). When you log into a site it will often have a tick box asking if you want to be remembered, or it will automatically remember you and not ask you to log in again the next time you visit a page on that site. That is done using Cookies, if you outwright ban cookies this feature is gone and you end up having to enter your details a lot more often, also for example on the BBC if you edit the homepage that modification is stored as a cookie so it will stay edited the next time. I'm also guessing that the feature of the iPlayer which allows you to resume a video also uses cookies.

  • Comment number 17.

    @wickedlymale, as a developer I know that you are a long way away from the truth. Often website functionality depends on dropping cookies on your computer and removing the cookies function will destroy your experience on a large number of websites.

    The alternative way of storing this information would be through database driven sites which would be able to store the same information but in a more permanent basis and in a way that you can not remove yourself from unless the option is provided for you to do so. Often cookies that are used for funtionality will last for a very short time period (ever been on a site that times out if you've not done anything on the page for 10 mins?) and if they are set to last for months its within your control to delete them.

    Which option would you like developers to use to store information that the site requires? The option you can remove yourself or the one you have less control over?

  • Comment number 18.

    I wonder why some readers just can't wait for any excuse to attack the EU.

    Just stop a minute. Cookies are good and healthy if you are a computer geek, and hence you understand what they mean, and how to switch on and off the little twiddlywack on the browser's hidden page accessed by typing about:gogglywogglydo. Most Internet users don't have a clue.

    It is a hard-and-fast fact that remembering an access using cookies often is used to sell information on that access to third parties (sorry. I know I am not being 100% scientific but, having developed websites for over 20 years, I sort of tend to see these things). It is also a hard-and-fast fact that laws to stop this from happening have not worked. Hence the unfortunate, painful but necessary measure of banning cheap and cheerful user tracking as a whole.

    Yes, EU regulations are poking their nose in our lives. As any other regulation, EU or non-EU, as for that. So what? Isn't the size of our bus tickets determining the weight we have to carry in our pockets? Outrageous! The local bus Company is invading our very pants! To hell with buses! To hell with pockets! Rule Britannia! Bash, bash, bash everybody else! Bash, baaash, baaaa, baaaa...
    Or maybe, with a bit of common sense, please stop attacking the EU for whatever reason comes at hand. Most of the time, EU policies are based on a "better safe than sorry" principle and, quite often, this is just right.

  • Comment number 19.

    If you must put your hand in the bottom of the jar filled with salt and barbed wire for a cheap thrill on your terms then you are a control freak and get what you deserve.

  • Comment number 20.

    I wouldn't worry about this law to much BBC. The government departments and the prime ministers website aren't complying. It's a law which many companies are finding hard to comply with.

  • Comment number 21.

    UK Business will loose out as a result of this law. We will implement it and every UK website will start to annoy visitors, by asking for consent to use cookies. The rest of the world wont have this stupid law, so traffic will go to the sites that don't have this as it will be simpler to do business on-line with them.

    The problem with the law is:-

    For a website to remember that you don't want cookies it needs to do one of 2 things. a) Require that you login to the site and save some preference data b) Put a cookie on the users PC, which you aren't going to be able to do.

    So website designers have 2 'options' the 2nd of which isn't an option. The only other way is for the web browser to hold the information of your preferences about cookies, like firefox does, but under the wording of the law that isn't sufficient.

    Basically a law drafted by people who have good intentions around privacy but have no idea of the consequences of their ruling.

  • Comment number 22.

    I don't think this is going to be as bad as it might at first look. First of all cookies that are used as part of a transaction are exempt. I would guess that this would include cookies used for login status and shopping baskets.

    For the kind of cookies that are used to remember peoples login between visits I suspect the all that needs to happen is the check box on the login page needs to read "Remember me (uses a cookie)" instead of just "Remember me". This will also apply to a lot of other settings that can be simply turned on or off. Getting consent does not necessarily need to use a popup.

    The only real issue is with the kind of cookies that are used by Google and the like to target Adverts or collect Analytical information. Both of these can actually be done without using cookies (all be it in a slightly less effective way). I suspect the people that provide these services will start to produce versions of their products that don't use cookies in the first place.

    Still this is a law that has been put into force by the paranoid tin foil hat brigade, so I wouldn't be unhappy to see it scrapped.

  • Comment number 23.

    I think this law will have adverse effect on innovation. I came across a really good video on this the other day posted on silktideblog https://www.homini.me/mcbinw

    BTW @Jon889 you are absolutely right!

  • Comment number 24.

    Looks like Mozilla (and possibly other browsers) are building a 'Do not track' feature into their browser. https://dnt.mozilla.org/ I think this is far better than the farce of the EU's policy which may have good intentions but is rather impractical.

  • Comment number 25.

    When used effectively cookies can help website work quickly and inuitively - so what happens if users don't approve them because they don't realise this? Cookies get a lot of bad press - but I'll guess most people enjoy the fact that e-commerce sites can store your details and a customised homepage can be created on websites like the BBC. Without cookies the browsing process could be slowed down considerably, which is something users are becoming far less tolerant of as this article shows - https://equatorlive.com/blog/2011/06/03/the-importance-of-website-speed/ The rules need to be refined very carefully to ensure users know about how cookies can help improve their online experience.


More from this blog...

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.