Become a Successful Entrepreneur – Build Your Own Cookie Business From Scratch

Let’s get one thing straight. Cookies are great! Everyone from the smallest child to the oldest adult can always appreciate a good cookie. They are made at home, bought at the store or bakery, given as gifts and party favors in nearly every situation imaginable. A stake in the cookie market can be very lucrative, as well as rewarding for you and your wallet.

So if you are looking for a great business opportunity, why not try your hand at selling cookies. Your business may sell the kinds of cookies that you can normally only get from your grandma. Or perhaps yours will be the business to sell the most flavors, or the biggest cookies, or even the smallest. There are literally thousands and thousands of styles and combinations for business ideas that can make you very successful. What about a cookie delivery business where fresh baked homemade cookies arrive at customer’s doors in thirty minutes or less? You could even just go with a basic sugar cookie recipe, but cut them out into all different shapes, sizes and decorations to go with every holiday or occasion.

Personalized cookies are also a fabulous gift, and can also be used to commemorate dates like weddings and anniversaries. In the cookie business, it is easy to see that such cheap ingredients such as flour, sugar, eggs, and other flavorings can easily be turned into a product that is not only eye catching and tasty, but also one that can bring in a fabulous stream of income for years and years to come.

What the New EU Directive on Cookies Means for Webmasters

This article aims to give an overview of what is required by the new 2011 EU Directive on the use of internet cookies and how webmasters and businesses may look to satisfy the new rules.

The general remit of the original EU Directive, the Directive on Privacy and Electronic Communications which dates from 2003 is to tackle data protection in digital/electronic media. The 2011 update particularly concerns the appropriate use of cookies. In the UK the Directive is enforced by the Information Commissioners Office (ICO)

The broad requirements of the Directive for businesses and webmasters are to:

  • Provide clear and comprehensive information to users of their website(s) detailing what cookies will be used and how they will be used.
  • Obtain consent to the use of cookies from each user before deploying them, having provided the above information.

Scope of the Directive

The Directive applies to all cookies except:

  • Cookies that are absolutely essential to the working of a service which the user has explicitly requested.
    • e.g., a checkout process which requires the site to remember items in a shopping cart from one screen to another.
  • 3rd party cookies or cookies relating to 3rd party content which must be clearly identified and explained and will require a solution to be found between all parties involved to obtain consent from the user.

Who will have the ultimate responsibility for 3rd party cookies as a rule is a little bit ambiguous and each case will need to be assessed on its merits. That is not to say that it is an opportunity to avoid the requirements of the Directive. In fact the use of these cookies may require more communication from each party involved to explain and obtain consent from the end user.

The Rules

  • The information describing what cookies a site will use and how they will be used must be provided before the user is asked to consent to theme being deployed.
  • The amount and detail of the information that is provided by a website should reflect the degree to which personal information is gathered and the user’s privacy is affected.
  • Once the user has consented to cookies being used for a site, the information and consent request don’t need to be presented again unless new cookies are introduced.
  • An opt-out or similar ‘failure to object’ does not equate to consent. The only exception here is if consent is sought/included as part of a broader process which itself explicitly requests consent. For example, a user signs up to a service and it is explained to the user that by doing so they are consenting to the use of cookies

Potential Solutions

There are a number of possible ways in which the sites can satisfy the requirements of the new Directive:

  • Pop up windows which users see when landing on site (on each visit until they respond)
    • this may cause usability and accessibility issues
  • A Terms & Conditions checkbox which is included when a user agrees to the T&Cs whilst, for example, signing up for a new account.
  • An additional setting which needs to be turned on, for example, within account portals or against particular pieces of functionality.
  • A scrolling information banner which appears on landing pages to inform the user that cookies are not turned on and that they should visit another page (e.g., Privacy Policy) for more information and to turn them on.
  • A prompt that the user sees before using a particular feature or piece of functionality on a site.

In any case, webmasters should look to streamline and monitor the use of cookies on their site to the reduce the risk of a breach and/or the layers of consent and information that are required across the site.


The regulations are enforceable in the UK by the ICO who have the following powers (as per the 2003 Directive):

  • To perform an audit of action that a webmaster has taken to comply with the Directive
  • £1,000 fixed fine for not resolving any breaches that are identified
  • (In the worst case scenario) A fine of up to £500k.
    • These fines will only apply where serious breaches of data protection covered by the Directive result in extensive or serious damage or distress.
    • but relevant if we are dealing with personal data.
  • Request information regarding 3rd party breaches


The EU Directive and ICO regulation has been in place since 26 May 2011 however the ICO has allowed a lead time of 12 months for webmasters to work on and implement their solutions.

The key dates are as follows:

  • 26 May 2011 – 26 May 2012: Demonstrable planning and work should be ongoing to provide a solution.
  • 26 May 2012: Solutions must be in place

Internet Privacy 2010 – “Super Cookies” and the Global Debate

The concern and debate about the ethical issues of a third party tracking and selling PC users online habits is not new in the Internet age. Yet the debate on personal Internet privacy is dramatically heating up in 2010 and gaining worldwide attention from civic and governmental organizations around the globe. The impetus for renewed focus on standardized levels of consumer online privacy is largely fueled by new technologies in cookie tracking tools that is garnering a name for itself in some industry circles as “super cookies.”

To understand the latest round in the online privacy debate we must first get a brief, non-technical overview of what is a super cookie and how it differs from a standard browser cookie. The standard browser cookie is familiar to most PC users. It is a non-viral small piece of text that is stored on a user’s computer by a web-browser primarily for authentication, session tracking, user preferences, shopping carts, etc. but also allows for personal information and preferences data capture. Web bugs are particularly sneaky cookies that can be deposited on your PC through your browser or via a small 1X1 pixel graphic that can be stored in a document or email that someone sends to you. Standard browser cookies are, for the most part, easy to identify and delete, if desired, through your browser’s cookie management tools.

The new breed of super cookie transcends traditional environments and can be used for the same good or questionable purposes. What really differentiates a super cookie from a standard cookie is how they go about tracking a user’s online activity, what they are storing, and the difficulty in identifying and managing a super cookie. Today’s super cookies are synonymous with Adobe Flash and Microsoft Silverlight cookies, which are browser independent.

According to a article I read recently about a UC Berkeley report on Internet privacy, the phenomenal explosion of non-browser cookies created via tools such as Adobe Flash and Microsoft Silverlight should give us pause for thought. The article cites from the report that “More than half of the Internet’s top web sites use Flash cookies to track users and store information about them.”

Adobe Flash software is estimated to be installed on roughly 98% of personal computers. So, when you visit a site like YouTube you’re likely using a multi-media tool like Adobe Flash that can deposit a cookie on your system each time you visit. The cookie is not actually in your browser where you could normally find and delete it. They are browser-independent so even if you switched your browser, that cookie would still be on your system, following your next online visit and accumulating an ongoing profile of your habits. What is most alarming is that few sites acknowledge use of Flash in their privacy statements.

The fundamental concern is how much and to what extent of anyone’s online habits can be stored for behavioral targeting and contextual online advertising when the user is unaware of how and what is being tracked? Especially when the user believes he is taking adequate steps to protect his privacy. Globally, the question on the table is “Who regulates the tracking and selling of personal and online purchase data?”

With the proliferation of super cookies, industry and government regulation is evolving as an agenda topic in the debate on Internet privacy as it relates to stored online activities. The “Do not call” telemarketing database protection of several years ago (and unsolicited FAX many more moons previously) is actually working to a great extent. It’s not flawless but it does offer consumers some level of protection against invasion of privacy. The same applies to the CANSPAM laws for opting out of a company’s unsolicited email. It’s not OK to call me during dinner time if I explicitly ask not to be. Similarly, if I opt out of a company’s email solicitations, I should expect no more emails from that company within a reasonable timeframe that allows the company to flag me as “no email” in their database. Yet now, our online habits are being tracked, bought and sold without our knowledge and subtly re-sold back to us in the way of our next “suggested” site visit or “contextual ad.”

The consumer privacy ramifications of super cookies are already on the radar for the Federal Trade Commission (FTC), many U.S government State offices, and global Internet privacy organizations. It will be interesting to follow the outcome of the recent FTC roundtable debates on this topic held in California in January 2010. Also, let’s see how Barbara Anthony, the Undersecretary of Consumer Affairs in Massachusetts may break ground with her declaration that she wants similar consumer online data protection in her home state by March 1st. All we ask for when it comes to our online privacy is somewhat of a gentlemen’s agreement relative to disclosure and recourse. We just want a level playing field, regulated by the industry or the government that protects us in an age of unscrupulous big business practices, identity theft and invisible personal data collection.

On the technology side, we know that there will be vast increases in the code and practices that spawn viruses and malware and spam. We also know that creative good-guy vendors will stay pretty close to the heels of the bad guys who create these vile things. But super cookies aren’t coming from bad guys in an unidentified location. They’re coming from large companies with heavy ties to the industry and deep-pocket access to government lobbyists.

The online user is at a disadvantage because super cookie management technology seems to be largely in its infancy. Even if there is government or industry self-regulation in the coming months and years, the user needs a comprehensive tool to auto manage and manually adjust all types of permissible and non-permissible cookies according to their personal data protection requirements. With all the renewed global discussion about online privacy, especially since the recent proliferation of super cookies, 2010 will likely be a watershed year for positive changes in online consumer protection.