The EU Cookie Law: What you have to do
Why are the changes being made?
The Information Commissioner’s Office (ICO) have set up these new regulations in order to protect users online privacy and give everyone the opportunity to give their content to having their information stored instead of it being done without it. In a survey that the ICO carried out in February last year, they found that only 13% of the respondents indicated that they fully understood how cookies work, 37% had heard of internet cookies but did not understand how they work and 2% of people had not heard of internet cookies at all before participating in the survey. On top of this, 37% said they did not know how to manage cookies on their computer. Due to these results, the ICO felt that changes needed to be made in order to make users aware when their personal data is being taken.
What does this mean for my website?
The new legislation doesn’t mean that you cannot use cookies on your website at all; it is more focused around educating the user on what type of cookies that you use. There are some types of cookies that will require a user’s consent to use, and there are also cookies that are exempt from this rule.
The way that the cookies are classed as ‘exempt’ is that if it is a cookie that is used specifically for the ‘website performance’ from the user’s point of view (not the servers’), i.e. to allow a user to log in to the website or to process a transaction on the e-32commerce system. This kind of cookie will be acceptable to use without prior consent. It is important to understand what is meant by ‘from the user’s point of view’ as this is a topic that is open to some debate. This means that even if a cookie is used in order for one part of the website to function correctly, if it is being used to store information on a user, for example, for more of a personalised experience, then this is not essential to the user and would require their content.
The BBC have implemented a very discreet bit of information on the cookies that they use at the top of their website. This allows users to see exactly what type of cookies they use and what they use them for. This is what the legislation is based around promoting; awareness to the user.
Where do I start?
The first thing that needs to be done, is to perform an audit of all the cookies that your website stores on users’ machines in order to see exactly what you need to ask for consent for, or display information on. We have been doing this across many of our different clients’ websites, and if any permission is needed from users, then we will set up notifications that can alert the user to this.
Once you have done this, it may be wise to just create a brief bit of information to your website’s users that outline the different types of cookies that your website uses, as well as what they are used for. As the ICO have stated, these changes are about creating transparency between the internet and its’ users. By giving users this kind of information, you can avoid getting into any trouble and give your website’s visitors peace of mind.
You can check out our cookie policy here 🙂
Don’t forget that the latest “watered down” rules from the ICO say that implied consent is valid so you don’t have to actually ask people for their consent : http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx has more details.
Thanks John, a very good point.