On 26 May the UK's Information Commissioner's Office (ICO) will impose an EU directive controlling the way websites are allowed to use cookies. The law says that sites must provide "clear and comprehensive" information about the use of cookies.

It says websites must:

• Tell people that the cookies are there
• Explain what the cookies are doing
• Obtain visitors' consent to store a cookie on their device

The only exception to this may be cookies used to keep track of a customer's purchases on an e-commerce site. It is hard to be sure exactly what the exceptions are, as the directive is quite imprecise.

The question that we are considering is, 'is this the most ill-considered piece of legislation ever conceived?'. Well the answer is probably 'no', given that the bar is set very high, but it must be a contender. The basic intent of the law is quite reasonable, to protect users' privacy. The problem is that the legislation is clearly framed by people ignorant of the way that websites actually operate. It is the third requirement, to obtain visitors' consent every time a cookie is stored, that is utterly impractical. Cookies are quite fundamental to the way that modern websites operate, to comply with the legislation most websites would need to be constantly asking whether they want to accept cookies.