Well the deadline for the imposition of the EU’s cookie law has come and gone, and I suspect that thousands of websites throughout Europe are still massively non-compliant. I checked my bank’s website last week and while they had something it clearly wasn’t compliant. The BBC doesn’t seen to have even tried.
In recognition of this, the authorities performed a massive climbdown at the weekend. As this Guardian article explains, the UK’s Information Commissioner changed its guidelines at the last minute. Initially they insisted that active consent was required: that is you had to actively ask the user if using cookies was OK before any cookie was deployed. The new guidelines (which my bank appears to have followed) say that implied consent is OK. So as long as information about cookie use is clearly displayed the site’s visitors can be assumed to have consented to that use. As The Guardian notes, this appears to be in direct contravention of the EU guidelines, so the UK may be in trouble over this in future, but until they are UK businesses should be safe following the local rules.
US readers may find this a bit confusing, but this is the way that “states’ rights” tend to be dealt with in the EU. If Brussels passes a daft law, everyone just ignores it. Well, almost everyone. The UK seems to delight in enforcing the daftest laws in draconian fashion so as to give the tabloid newspapers something to write scare stories about, but in this case we seem to have done the smart thing.