EU Cookie Law and how it affects you

On May 26th 2011 a new EU-originated law came into effect that requires website owners to make significant changes to their sites and may fundamentally change the whole web browsing and shopping experience for everybody. This Cookie Law is amended privacy legislation that requires websites to obtain informed consent from visitors before they can store or retrieve any information on a computer or any other web-connected device.

What is Cookie Law?

What people refer to as the ‘cookie law’ is a new piece of privacy legislation that requires websites to obtain consent from visitors to store or retrieve any information on a computer or other web-connected device, like a smartphone or tablet. It has been designed to protect online privacy by making consumers aware of how information about them is collected by websites, and enabling them to choose whether or not they want it to happen.

It started as an EU directive adopted by all EU nations on 26 May 2011. At the same time, the UK updated its Privacy and Electronic Communications Regulations, bringing the directive into law.

Requirements & Responsibility

Many people will be unaware that the law is already in effect in the UK. However, the UK’s regulator, The Information Commissioner’s Office (ICO), gave everybody a one year ‘grace period’ before enforcing it. That grace period will expire on 26 May 2012.

This sounds scary, but nobody will be serving legal papers at 12.01am on 26 May over cookie compliance. In many ways the cookie law is a natural extension of privacy practices websites already use.

Auditing your website

We have a duty of service to advise our customers what is required under this new government legislation. We are only offering the audit and resolve services to customers who have had websites built by us; however, if you are hosted with us and have your own website, contact us on 0800 756 9975 to see if we can help.

We will perform a website audit for £85 + VAT which will identify what cookies are in use on your website. All customers running our e-commerce websites will be using cookies, but this may not be all they are running. Third-party cookies must be identified and published so that your customers know exactly what you are tracking and retaining. Once we know what is in use, we can advise you on the best course of action.

Possible Action & Potential Costs

If you are using cookies (which most of you will be), you will need to look at your terms and conditions and adjust them to suit your website (involving a solicitor at your discretion). In addition, you should ensure you have a good, correctly written privacy policy. Finally, two methods are being suggested for websites:

  • Explicit Opt in / Opt Out
  • Assumed Compliance

If you are using multiple cookies from third-party applications (Twitter, Facebook, banner advertising, Google Analytics, tracking and monitoring, etc.) then quite possibly you will need a policy that advises customers, when they enter your website, that you use cookies for certain purposes, and that requires them to accept or deny their use. We will advise you on the best options here.

If you have a simple e-commerce site and simply use cookies to track user activity in the shop, you ‘might’ be able to adjust your terms to assume compliance by the shopper, e.g. ‘By using this website, you acknowledge that it uses cookies and accept its use’ and ‘if you don’t like it, you can leave’. This is a grey area at the moment: it is a so-called ‘11th hour reprieve and final modification to the law before it came into effect’, but it also differs from the rest of Europe and may see some legal issues as a result.

Here’s a simple breakdown of how to go about categorising cookies:

  • Zero compliance risk or ‘strictly necessary’ cookies: Always first-party and not persistent. These include functional navigation and user session cookies for shopping baskets.
  • Low compliance risk: Always first-party and may be persistent. These cookies include accessibility options for visually impaired users and, arguably, analytics cookies.
  • Medium compliance risk: Usually first-party and persistent. These might be used to store personally identifiable information, or limited cross-site tracking, in order to present content based on previous visits. Another good example is the Facebook Like button.
  • High compliance risk: Third-party and persistent. These are mainly used to track and record visitor interests without prior consent, and aggregate this data for use by third parties, normally advertisers. This also includes cookies set through the provision of embedded content which is not ad-related, such as Google Maps and YouTube videos.
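
A first-pass triage along the lines of the breakdown above, as an added example that is not part of the original post: it sorts observed `Set-Cookie` headers by first/third party and persistence. The host names, sample headers and tier labels such as `manual-review` are assumptions; what a cookie is used for (for example whether a persistent first-party cookie holds personal data) still has to be judged by hand.

```javascript
// Added example: first-pass triage of cookies seen during an audit.
// Tiers follow the breakdown above; purpose still needs a human decision.
const SITE_HOST = "shop.example"; // assumed audited site (placeholder)

// Constructed sample observations: which host sent which Set-Cookie header.
const observed = [
  { setBy: "shop.example", header: "basket=abc123; Path=/; HttpOnly" },
  { setBy: "www.shop.example", header: "fontsize=large; Max-Age=31536000; Path=/" },
  { setBy: "ads.tracker.example", header: "uid=77f1; Expires=Wed, 01 Jan 2031 00:00:00 GMT" },
  { setBy: "video.example", header: "pref=1; Path=/" },
];

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attrs };
}

// Max-Age wins over Expires (RFC 6265); neither means a session cookie.
function isPersistent(attrs, now) {
  if (typeof attrs["max-age"] === "string" && /^-?\d+$/.test(attrs["max-age"])) {
    return Number(attrs["max-age"]) > 0;
  }
  if (typeof attrs.expires === "string") {
    const t = Date.parse(attrs.expires);
    return !Number.isNaN(t) && t > now.getTime();
  }
  return false;
}

// Simplification: host suffix match; a real audit compares registrable
// domains using the Public Suffix List.
function isFirstParty(setBy, siteHost) {
  return setBy === siteHost || setBy.endsWith("." + siteHost);
}

function triage(cookies, siteHost, now = new Date()) {
  return cookies.map(({ setBy, header }) => {
    const { name, attrs } = parseSetCookie(header);
    const first = isFirstParty(setBy, siteHost);
    const persistent = isPersistent(attrs, now);
    let tier;
    if (first) tier = persistent ? "low-or-medium" : "zero-candidate";
    else tier = persistent ? "high" : "manual-review"; // third-party session: not covered by the breakdown
    return { name, setBy, first, persistent, tier };
  });
}
```
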

We are NOT Lawyers, we are web developers

We cannot accept any liability as a result of any issues which arise from your website compliance! We have sites which were built 12 years ago, way before this came to light. We are proactive in monitoring the situation and will post updates to this blog to advise our customers how best to handle it. For many, it may be something they can’t handle themselves and need us to do for them. If this occurs, we will charge based on the time spent to implement the required functionality in relation to this new EU cookie law.

Conclusion

It’s vital to comply with regulations, but there’s flexibility built into the UK cookie law enabling various responses to a range of compliance risks. Take practical steps to comply and the chances are you’ll be compliant; it’s that simple. Doing nothing is the worst thing you can do right now.

Order Cookie Audit

We charge £75 + VAT to perform a cookie audit on your website, which you can act on yourselves, or £150 + VAT to perform the audit, prepare a privacy policy and install a cookie opt-in / opt-out tool. Contact us directly to request this service.