What do you call a directive that has become law, but the body responsible for policing it has already said you can have another year to comply, and also freely admits that it is not sure how you will comply yet.

Welcome to the EU's Privacy and Communications Directive

In action since the 26th of May in the UK, this new directive requires the user's consent before a site can store cookies - small text files that help organise and store browsing information. What's not to like?

That's easy enough - isn't it?

Well, yes and no. For a start if people say no then this is likely to be good bye to any meaningful website analytics. It is also almost impossible to complete an e-commerce transaction without using cookies, and any site that requires you to register is probably using cookies to help you remain logged in as you navigate the site.

As a site owner you will need to allow a user to explicitly accept cookies from your site before you store any, and that means that whatever page they arrive on, and wherever they came from, the first thing you need to do is present them with a message that sounds a bit scary ("do you mind if we store some 'stuff' on your computer whose name sounds like we just made it up?").

And we'd better hope that the user isn't running a pop-up blocker that stops the message being presented - because that might mean we didn't ask.

But this could make matters worse!

How come? Well an awful lot of cookies currently being used are 'session' cookies which are designed to be deleted when you leave the site. Others last for 30 days to recognise you if you come back.  If in future each visitor needs to jump over this barrier to entry then you can bet that sites will want to store the response as long as possible, to avoid you having to be asked again (when you might say No next time). So, not only will the number of cookies stored go up, but it is likely that if you said 'No Thanks' that you will be shown the door, asked to use the phone to order or get nagged on every page you view until you give in.

Of course, the directive only applies to users in Europe, so the other thing we need to do is find out where the user lives, and this can be more difficult than it sounds. The usual method is to look at the users IP number, but this is not always the country that they are actually in, AOL users for example always looked as if they came from Virginia USA, wherever in the world they were.

What about the browser?

Ah, yes - you see it is perfectly possible that maybe you won't need to do anything to your site - we just don't know! If the browser makers get together and made the permission system a built in part of the browser then the millions of site owners wouldn't have to spend all that money fixing their sites (when someone decides what 'fixed' means). People could either 'opt out' as a general setting (making the whole exercise a bit futile) or manage a personal list of allowed and blocked sites (like they actually can do deep in the settings panel now anyway).

Time to sit on the fence!

The best advice currently is... do nothing! Be aware, however, that if the browser approach falters and action does need to be taken (and it is likely that some changes might be needed, even if only to terms and conditions) that you should put aside some of your internet budget this year just in case.