EVERYONE with a website seems to be talking about the new EU Cookie Law, despite very few businesses having a firm grip on what’s expected of them and how best to avoid the quoted £500,000 penalty for breaching the rules.
If you’ve found yourself caught up in cookie confusion, the first thing to understand is that the rules aren’t really new at all. In fact, they were introduced in 2011, with the powers that be (in this case the Information Commissioner’s Office) giving everyone a year to get their websites in order. Despite big figures being thrown around the internet, the ICO has already said it’s “most unlikely” that fines will be meted out at this stage.
So, there’s no need to panic just yet… the most important thing is getting to grips with everything you need to do to ensure your website is ticking all the boxes it can in order to meet the regulations.
What are these cookies anyway?
If you’re not completely clued up when it comes to cookies, here’s a simple outline of what they are, how they work and why the government wants to restrict their use:
In short, cookies are little text files used by websites to remember their visitors. There is, of course, an option to block all cookies with your browser, but this has historically made some websites difficult – or impossible – to use.
The guidance continues: “You need to provide information about cookies and obtain consent before a cookie is set for the first time. Provided you get consent at that point, you do not need to do so again for the same person each time you use the same cookie (for the same purpose) in future”.
If you want to find out more, the ICO has put together a blog and short video to answer some of the most common questions; you can find it here.
How do I comply with the cookie laws?
The first step is to understand what kind of cookies you use on your site, and how you use them. From there, you should be able to analyse which cookies are absolutely necessary and might not need consent; you should also be able to work out which cookies are no longer needed and make a judgement call on how intrusive your cookies might be.
In order to comply with regulations, you need to state exactly how cookies are used on your website. Web domain company Namesco has come up with some useful advice and recommends that cookie-enabled sites should:
- include a link in your policy to www.aboutcookies.org so that your visitors can access instructions on deleting and controlling cookies.
Guidance from the ICO suggests a number of different methods for obtaining user consent, but encourages businesses to work towards their own solution. To make life as easy as possible for you, here’s a summary of the ICO’s suggestions:
- Use pop-ups or similar to ask for consent (although Namesco’s blog points out that pop-ups are discouraged by Web Content Accessibility Guidelines).
- Enable preferences that users choose when visiting your website as a means of gaining consent.
- Interactive features, such as videos, that remember how users personalise their visit to your website can also determine user consent.
- If you use analytic cookies to gather information about how people access and use your website, it may be possible to add a footer or header to a web page containing text.
- If your website allows a third party to set cookies, it is more difficult to obtain consent. You should use initiatives that seek to ensure users are given more and better information about the use of information. Anyone whose website uses or allows third-party cookies must ensure that the correct information is delivered to users so they can make their own informed choices.
How will the cookie laws be enforced?
It’s not entirely clear how the rules might be enforced although, as pointed out earlier in this article, it’s highly unlikely that the ICO will start penalising website owners right away and without giving them ample opportunity to comply. According to itpro.co.uk, ICO deputy commissioner and director of data protection David Smith had this to say: “The moratorium on enforcement action comes to an end, but please don’t read that [as] the Information Commissioner’s Office is going to launch a torrent of enforcement action.
“What it really just means is that complaints about websites that don’t get consent go into the normal processes we would take in assessing whether to use our powers.”
He added: “We’re not about enforcing the letter of the law for the sake of the letter of the law. We cannot and do not rule out [issuing fines], but it is most unlikely that breaches of the cookie requirements will meet the criteria we have to satisfy before we can impose a penalty.”
- Has this blog been helpful? Please do leave us a comment and share it with your friends and social media sites. Thanks – Team Tiger.