To help you tidy up your website – and hoover up the cookie crumbs perhaps! – I’ve outlined some key information and guidelines to help you understand the new EU Privacy Directive regarding the use of cookies.
What is the new law?
The new legislation, which came into effect on 26 May this year, states that cookies can only be placed on machines where the user or subscriber has given their consent.
Don’t panic
Before you start to get that uneasy feeling in your stomach as you realise (a) you don’t really understand what a cookie is and/or (b) this date has now passed, it’s not all doom and gloom and the end of your behavioural marketing efforts. First, if point (a) applies to you, then see the ‘What is a cookie’ section and rejoin us in a minute. The rest of you, stay with us.
This legislation is not as intimidating as it may seem. Since 2003, organisations have been required to provide ‘clear and comprehensive information’ about cookies used on their websites, along with an opportunity to opt out. What is different now is that organisations need to obtain consent from users as to whether they want to proceed with a website that uses cookies; in other words, provide an opt-in. But you can breathe a bit of a sigh of relief here because not all cookies require consent. The consent is only required when the cookie is not seen as strictly necessary. If the user requests a particular service from the website, then no consent is required; for example, when the user fills in an online form or adds an item to their shopping basket.
Missed the sell-by date?
Despite the fact that the directive came into effect on 26 May, it doesn’t mean you are already an outlaw if your site isn’t yet complying. The Information Commissioner's Office (ICO), the authority responsible for enforcing and regulating this directive, has taken into consideration the challenges involved and is giving organisations 12 months before they need to comply. The ICO realises this process should be industry-led and so is allowing organisations themselves to find the best way of meeting the requirements for their business. The outcome will serve to inform best practice going forward.
Where do I start?
You can do three things now:
- Perform an audit on your current cookie usage. Identify them. Find out what they are used for. Assess how intrusive they are. Cease using any cookies that are unnecessary.
- Decide which solution for obtaining consent will work best in your circumstances.
- Add information to your website, in your T&Cs or Privacy Policy, about the cookies you are using and the steps you are taking to meet the EU directive.
FAQs
Is there any best-practice documentation?
Yes, the ICO plans on updating its current document entitled ‘Personal Information Online Code of Practice’ in the near future, based on outcomes from the industry. Keep your eye on the Tools and Resources section of the ICO’s website.
What about browsers? There is talk that the opt-in can be taken care of at the browser level.
At this time, most browser settings are not sophisticated enough to assume that the user has given their consent for your website to set a cookie. Also, not everyone who visits your site will do so using a browser. They may, for example, have used an application on their mobile device. The ICO is therefore advising organisations to obtain consent some other way.
*What is a cookie?
Basically, it’s a small text file that is stored in the web browser and used by websites to ‘recognise’ the computer. Typically, cookies are used to create a personalised web experience. They store your preferences so you don’t have to log in each time you visit a site, and they remember what you added to the basket when you continue shopping.
Dispelling myths about cookies
Cookies:
- cannot infect computers; they are text files, not executed as programs
- are not used for spamming
- are not only used for advertising
- do not generate pop-ups
- cannot erase or read information from a user’s computer
- do not track individual people; however, they can identify a combination of a single computer, user account and web browser.
Discover more: www.allaboutcookies.org
Please note this article was written in Aug 2011. For up-to-date information, please see the ICO's guidance on the new cookies regulations document (PDF).