But here's how you can save yourself!
The story so far...
(Cue the tension-building music)
In 2011 the UK government confirmed it would enact, unchanged, a piece of the EU Privacy and Electronic Communications Directive, which dealt with cookies*.
Obviously that's not the chocolate drop sort, but the small, temporary text files that web servers send to a browser. They're used for navigating the site and other things too.
"Other things" includes monitoring users' browsing behaviour, which is why the EU has been sticking its oar in.
Thus, on May 26th 2012, it became UK law that a web site must have a user's consent before placing a cookie on their machine.
Although all web browsers have controls to determine how cookies are stored (and if they're stored at all), the Office of the (UK) Information Commissioner (the ICO) has decided that this does not represent full consent.
Thus the official line is that all UK websites using cookies must tell visitors that, and request explicit permission for those cookies to be placed on the visitor's computer. Theoretically, that is.
The latest episode
Previously, owners of any site not in compliance with the law would only "be directed to read the guidance information published on the ICO web site." The ICO have announced, however, that they will now be focusing more on web owners who don't appear to have done anything to bring their sites into compliance.
The fine that could potentially be levied is enormous: £500,000.
(Crashing chord) Yikes! This beast really does have big teeth!
Bad guys working in secret
The EU's intention is arguably noble: some sites have used "spy cookies" to track user behaviour as they browse and build up a data set of their interests and (typically) their searches for consumer goods.
Ever searched for something you don't often buy, say garden furniture, on a department store site? Have you later noticed adverts for deckchairs oddly popping up on, say, a newspaper's web site? Cookies are how that's done by the less scrupulous, up until now.
The EU is quite reasonably concerned that web users should know this game is being played behind the scenes, and have the choice to opt out. The trouble is that the new rules are a very blunt instrument indeed.
Cookies are a core web technology, necessary for all sorts of web functionality (not just snooping on people!). For example, almost all shopping cart systems need cookies to work properly, and it's pretty much impossible to implement a reliable system without them. It's the same with Google Analytics, the web site usage statistics system.
So should we panic now?
We don't think the ICO is after honest web site owners using cookies. Our own site now includes a general statement about cookies that I've added to our general privacy page.
That's probably all that's necessary for us, as we only use cookies with Google Analytics. On the other hand, if your site makes greater use of cookies and you're concerned about the implications, please feel free to ask for our help.
Call us on 0117 917 5040, or email andy.poulton@BristolITCompany.com.
(Cue the happy music and roll the credits...)
*"Today's programme was brought to you by the letters E and U, and yes,
the Internet expression really did originate with the Sesame Street Cookie Monster!"
Postscript
If you want to go through the quasi-legal detail yourself, the ICO's page on the subject is here.
Amusingly, one of the first things they have to say is that, if you view the ICO's own YouTube video on the subject, that will itself set a cookie.
"Om, nom, nom, nom, nom..."