scientific and technical website design projects news

Cookie crumbs (part 2)

We’ve just started work on a multi-lingual site, where the entire site is duplicated in English and French (rather than just a summary in the ‘non-target’ language). This has a basic requirement to offer pages in either language with a seemless transition if required, and one of the simplest ways for doing this is to ask the visitor what language they want to read the site in, and then remember their answer. It is the remembering part where we run into trouble; because the visitor is only identified by their IP address, which can change, we ask to save a token on the visitor’s machine called a cookie. When they ask for a page from our site they also present this cookie, which we can use this to make a connection between them and and data we have stored about them – in this case what language they want their page in!

Informer : c’est obligatoire ! [CNIL]

In May we posted The cookie crumbles, so we thought it worth while re-visiting the question in advance of our new contract to see what has changed. Most of Europe has yet to implement the directive, but the French CNIL has moved to post clear requirements for website owners (OK they look to be clear with my understanding of French and the use of Google Translate!). In contrast the UK’s position is quite muddy; in attempting to protect the online advertising industry the government seems to have left ICO in a cleft stick, with the requirement to implement without changing anything.

ICO have had a bit of a go on their own website, as you can see from the banner image below (captured from their site August 25 2011):

ICO's banner (August 2011) showing Cookie notification script
ICO's banner (August 2011) showing Cookie notification script

The ICO’s website informs you that they’ve already stored one cookie on your browser, and they’d like to store more. This is done in a text message over the banner of their site. Once you’ve said that you will accept cookies from them they use this information to hide the message from you on other pages on their site (until you delete the cookie).

This process is rather clumsy for a commercial website. Lets face it, I want to let you read the site in your language, so slapping a legal notice accross the head of the site is massive case of over-kill. In essence the legal warning informs you that I’m out to steal all of your private information and sell your soul to the devil. For the moment, where we are obliged to use cookies, our procedure will remain unchanged, with a notice at the point of language selection (in this instance) – possibly with a link to extended description of what we use the cookie for and how to set your browser so that you cannot read the site in the language of your choice (as per CNIL).


A useful roundup of current positions across Europe is provided by Norton Rose, which links to the CNIL guidance:

Norton Rose.

CNIL website at selection point for type of organisation requiring legal advice.

Information Commissioner’s Office website.