On May 26th 2012, the new EU Cookie regulations come into force in the UK. The legislation is aimed at protecting the privacy of people visiting the websites of EU based businesses. But what does that mean for your website?
What are cookies?
Cookies are sometimes used to provide personalisation for the website user, storing a user’s preferences for certain types of content, so the most relevant information can be presented to them.
In some cases, Cookies can be used to “harvest” user data – i.e. tracking the content viewed or search for by an individual for the purposes of advertising to them or selling this data to third party sites or advertisers.
So, Cookies can be used to enhance a visitor’s experience of website, and sometimes for more nefarious purposes.
Stopping using Cookies is not an option for most websites, as Cookies are currently the best and in some cases the only way to achieve analytics, ecommerce and other functionality online.
What is the Cookie Law?
The Cookie regulations are being introduced to protect consumers’ privacy. The legislation will place limits on what data stored through Cookies can be used for without the consumer’s knowledge and consent.
The Cookie regulations oblige businesses (a) to provide website users with full details of all the Cookies used by the website and, (b) to provide the user with the option to “Opt In” before any Cookie is placed on that user’s device that is not essential to providing the functionality that the user has requested of the website or which could be considering to intrude upon the user’s right to privacy.
The UK Information Commissioner’s Office states that:
“… the intention behind this Regulation is … to reflect concerns about the use of covert surveillance mechanisms online. Here, we are not referring to the collection of data in the context of conducting legitimate business online but the fact that so-called spyware can enter a terminal without the knowledge of the subscriber or user to gain access to information, store information or trace the activities of the user and that such activities often have a criminal purpose behind them.”
Who does the legislation apply to?
All UK businesses will need to comply with the EU Cookie regulations in accordance with the UK legislation.
How to ensure our websites comply with regulations
Cookies used for Analytics purposes, whilst not “strictly necessary to provide the services requested by the user”, are likely to fall outside of the scope of the elements of the regulation that will be enforced in the UK. The Information Commissioner states:
“We are unlikely to prioritise first-party cookies used only for analytical purposes in any consideration of regulatory action.”
Even the UK Government’s own Digital Services division argues that web analytics are both:
“essential to the effective operation of government websites … [and] … minimally intrusive for end users.”
As with similar legislation, the key will be for websites to interpret the legislation in a way that safeguards website users from the worst excesses of Cookie use (i.e. Cookies that seriously infringe on the privacy of the user for commercial or other more questionable ends).
What you should do right away
Here are the three things that you should do immediately:
- Find our what Cookies your website uses. If you need information on the Cookies used on your own website, please contact us directly and we will be pleased to provide you with details of: (a) what Cookies are stored on your website visitor’s devices, (b) when is the Cookie stored, and (c) what for.
- Stay within the regulations for Cookies that have privacy implications for your users. For any Cookies used on your website that are not strictly required to provide either services requested by the user or Analytics data, consider carefully whether you need to be using that Cookie. If you do, you will most probably need to give the user the option of explicitly “Opting In” to such cookies being stored on their device – otherwise you could fall foul of the regulations.
Information Commissoner’s Office: Information on Cookies and Cookie Legislation
Culture Sparks article by Cameron Leask of Escrivo Internet Consulting on the UK Cookie Regulations: