The European “Directive on Privacy and Electronic Communications” that regulates the ways websites can track users, is coming to sites which serve European users, which covers plenty out there. The Directive requires that sites disclose the use of cookies on their site and allows visitors to opt-in to their use. It could be an immediate turn-off for users, but it’s here to stay. On Saturday, May 26, the UK implements the first phase of the law, so website owners are scrambling to ensure they are in compliance (assuming they even know about it). As we’ve said before, we think it’s dumb and will make it much harder on European startups.
The first requirement of the UK law is that sites do an audit to determine what cookies are used on their site. The Directive asks them to identify two types of cookies: those it deems “strictly necessary” and those that are not. The problem is that most sites have no idea what cookies it might be serving to users. However, US-startup CloudFlare is about to launch a service which will tell site what cookies they are serving and a way to control them: CloudFlare Audit + Control.
CloudFlare launches its Audit service first, possibly later today. This will interrogate a site and deliver a report on what cookies are being served.
Once that is in operation and people are using it, the data collected will form a sort of collective intelligence about what cookies are actually doing. This is useful because cookies can get dropped by multiple sources including the Facebook Like button, widgets, ad networks and analytics services. CloudFlare’s Audit will identify all the cookies floating around and will let a website owner see how other site owners have classified those cookies. Then they can work out which are the “strictly necessary” cookies.
After building a database of all the web’s cookies and the widgets that drop them, CloudFlare then plans to enable the second portion of the Audit + Control app. This will allow site owners to selectively enable/disable cookies and third party scripts on an individual basis via CloudFlare’s interface. Site owners won’t need to change any of their underlying code.
The idea is that sites will then be able to comply with the opt-in requirement of the EU law, which comes into effect later this year, without harming the core functionality of their sites.
The service is available for free to any CloudFlare users (CloudFlare’s basic plan is also free) but non CloudFlare customers will get the Audit portion in three weeks. The Control part of the service will only be fore CloudFlare users.
CloudFlare knows its onions on this score. It already powers nearly half a million websites and sees over 45 billion monthly page views across its network for more than 450 million unique visitors.
Clearly the Directive will put sites run out of Europe at a disadvantage to their US competitors, and slap bang in the middle of a recession. Not only that but the law applies to any website that has European visitors, so it’s not just an issue EU webmasters need to worry about. However, I’d love to see the European Union try to bring an action against multiple Stateside sites.