
Really good stuff!

It’s kind of sad to see the cookie warning on first visit to an NHS page—from an accessibility point of view. If you’re sick and maybe older and you go to find some health information, the first thing you want to see isn’t “We’ve placed some small files on your computer called cookies. Are you okay with that?” It’s an almost nonsensical, bizarre question for anyone who isn’t an IT expert.




Unfortunately it’s the law. But I completely agree. I’d argue it’s inaccessible for everyone too.


They could have avoided that easily by not including Social Media and Third Party cookies.


An organisation as large as the NHS/UK GOV is not going to have their own in-house analytics solutions. And I believe even that would require a cookie policy to be displayed under the (current) legislation.


Or alternatively they could just not do any tracking or analytics based purely on the server logs.

There is always a choice. It is not the law that makes them display this, it is their choices that made them need to comply with the law.


I imagine they’re using analytics to improve the website, not to sell you more medicine. Imagine running a hospital without knowing where you had queues, people getting lost, broken doorways, etc. Analytics is just that.

I guess you’re worried about it being used more nefariously, especially by the third-party trackers themselves. If so, I’m also a little concerned about that, but I think the good probably outweighs the bad.


I mean they literally have Google and Microsoft analytics cookies in there.

I am aware that they are doing this to improve their website, but I don't get why so many are saying that it is because of the EU law or that it is a bad law.

Yes they have to show this dialog because of the law, but they decided that it is worth it for their analytics. That was their decision. They could also have said that they would be fine with less analytics and less tracking and gotten rid of the dialog. I can also not see why it is a bad law since it is exactly doing what it is supposed to do: Prevent or inform about tracking by the Tech giants. M$ and Google don't really have a huge amount of trust from the general public that their tracking is the good kind.


You can't do any form of user testing or heatmaps with server logs. And whilst real user testing is undertaken, sometimes the passive collection of heatmap data etc. is best done in an unbiased environment (i.e. you don't know you are being tested).


There are plenty of open-source analytics tools that you can self-host, like Open Web Analytics. You can gather all the information you need for usability testing without handing it over to a third party and compromising the privacy of your users.


Of course they can, but there is always a cost of hosting your own infra. There is a strong argument for the gov to be doing this in house, but I suspect it's not 100% the case and individual departments have the freedom to put their own tracking codes on their own site.


What if they ask for permission in a less intrusive way? Like I dunno, send people an e-mail after using the site once with clear information?


They could make the prompt less intrusive (on average) by only asking a random sample and just not tracking the rest.


Well, you will need GDPR checkboxes/disclaimers and a form to capture email. How is this more user friendly?


Self-hosting is a greater burden for larger organizations?


Which law? It's not what the GDPR is requiring.



That requires no such thing. See the comment below to tgb.


This one: http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

I'm surprised you assumed it was GDPR since the cookie popups have been around for years and are hard to miss.


Because they collide. GDPR regulates how to work with private information and makes it absolutely clear that a cookie popup informing the user that a cookie was already set is not sufficient. But if the cookie is not used for privacy relevant user tracking, then a popup is not necessary in either regulation.

Those cookie popups have been a misinterpretation in the first place, the general recommendation for them already redacted by the one data protection agency that first formulated that consequence as requirement based on the regulation from way back then. They are completely out of date now. Note also how the site you link does not require them - it instead completely blocks the site when cookies are not allowed by the user, which is a different beast.


The workaround would be pretty simple to implement. Cookies are only needed when you need 'state' between the client and server, so only serve cookies when you need state. The very first instance of state should be the very first instance of a cookie warning. Of course, once you have implemented cookie based tracking, this doesn't work anymore.


It is a lot simpler than that actually. The law does not say that you need consent for all cookies, you just need consent for some types of cookies. If it is just between the user and your own server for some necessary state information you don't need this dialog.

If they removed the Social Media and Third Party tracking cookies they could remove the dialog completely.


Yeah, it's an incredibly dumb law.


It is also unnecessary to have cookies on a gov healthcare website. They can measure/track/count traffic and statistics from their servers' logs and run cookies-free environments. Exactly to reduce stress and confusion to people who lack these basic IT skills.


> Exactly to reduce stress and confusion to people who lack these basic IT skills.

Have you run user testing to see if people who lack IT skills find cookie warnings confusing?

Do you think it would have been missed by Gov.UK's own user testing?

If you don't like tracking you can come out and say that rather than couch it in the language of some voiceless 'confused' IT user.

You'd likely be on firmer ground too - as the Gov.UK site sets more or less a gold standard for usability.

Besides that, even if you tracked using server logs you are likely using PII so would still need the same warning anyway.


I don't think the law is dumb but the implementation certainly is. The settings should be incorporated into the browser so your browser tells the site what your preferences are. Then you only have to set them once.



