There was a lot of excitement among web developers about the best way to deal with this new requirement. The law itself was pretty unclear - and was changed at the last minute which didn't help matters.
We weren't tempted by this solution... well ok, we were tempted by it, but we resisted and here's why:
I don't allow cookies ...
I've been around so long that I remember the fuss when it was revealed that Internet Explorer 4 cookies were world-readable. (If you don't remember IE4 then I am very happy for you). So my slightly 'tinfoil hat' default is not to allow cookies. These days I can use the Cookie Monster plug in for Firefox to make managing cookies for individual sites a breeze.
... so how are you going to remember that I've clicked your cookie notice?
It's often down to poor implementation, but forcing users to accept cookie notices has made some sites completely unusable. Even sites that previously didn't bat an eye at not being able to set cookies.
A case in point is British Airways (I used to look after QA for ba.com - it wouldn't have happened in my day). I went to look at some check-in information the other day and got this:
Clicking 'continue' does nothing though - because, of course, it's trying to save the fact that I accept cookies and it can't... because I don't...
That's a particularly bad implementation but there are plenty of them out there. Take .net magazine as another example. It's a site I visit pretty frequently - but now they have an overlay that appears at the bottom of their page. It's fairly inocuous but I can't get rid of it without turning on cookies - and not just session cookies at that but I'd have to allow permanent cookies to be set to prevent it appearing every time I returned to the site.
Now, both of these examples could be solved with better implementation. Check for cookies first and if they can't be set then don't bother asking for permission to set them.
Remember it's not just old-fashioned types like me that deny cookie use - it might be privacy-conscious corporate clients, or schools, or users who just have their browser set up that way. They still might be interested in your products or want to click on your adverts.
Everyone hates pop-ups - have you forgotten so soon?
The otherwise lovely New Philanthropy Capital website has a cookie warning that's 214px high - on a netbook that's half the available page height.
Think about how serious something else would need to be before you'd surrender half your screen real estate to warning your users about it.
It's all about the users
If you are collecting data that users might not expect then it's only right that you set out exactly what it is.
If all you're doing is using cookies to maintain session infomation and gather stats, then a simple explanation of which cookies are being set is really all you need.
Don't ruin the usability of your website by slapping on a cookie warning just because it's easy. Oh, and don't trust a web developer who insists that's the thing to do without examining your requirements properly.
Everyone will agree with us ... soon.
We're not the only ones to baulk against plastering our sites with unfriendly warnings. This post was prompted in part by the good folk of SilkTide who themselves provide one of the scripts that let you add pop-up warnings to your site. They've had a change of heart and have taken annoying cookie warnings off all their sites - and written about why over at nocookielaw.com