As of Saturday 26th May 2012 all UK websites should follow the rules set out in the EU Cookie Directive to ensure their website is compliant. Broadly speaking, the legislation requires all websites to be up front about any cookies used on the website and how these affect the site visitors.
Failure to comply in the UK could result in enforcement from the ICO. They have a number of options, but most likely in the first instance they would seek a commitment to comply within a deadline. Their ultimate sanction is a financial penalty currently set at £500,000 for serious and deliberate abuse of the guideline.
Realistically given the many hundreds of thousands of websites present in the UK, I don’t think it’s worth getting our knickers in a twist about it.
Having said that, being seen to make an attempt to comply is worth some simple effort.
OK, back up a mo’ – what is a ‘cookie’?
A cookie is a small file stored on the local computer of a visitor to a website.
They are not viruses or bugs, just files which are created for a variety of uses, for example, to remember the postcode you just typed in, or to remember the products you added to your shopping cart, or to remember your site information preferences. Some are used by website owners to count site visitors or behaviour so they can make the site work better, and some are used by advertisers to understand your shopping habits and preferences. There are other uses, but you get the idea.
If you want to get in real deep, you can read more about cookies here: http://www.allaboutcookies.org/
The EU Cookie Directive
The Privacy and Electronic Communications (EC Directive) Regulations 2003, and later amendments, resulted in the UK Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
This came into ‘law’ this time last year, but the ICO (Information Commissioner’s Office) decided to delay enforcement for a year (until 25 May 2012) to give UK website owners time to comply.
It’s fair to say that, as a result, most folks just put the whole thing on the back burner and got on with life as normal.
The deadline is however now looming. So what does it mean to you?
The New Cookie Rules
So if your website sets cookies, then the rules are basically as follows:
- tell people that the cookies are there
- explain what the cookies are doing
- obtain their consent to store a cookie on their device
There are some exceptions, mainly those cookies used to deliver a service requested by the site visitor. For example those cookies used by online stores to remember which goods you put in your shopping basket, and therefore to check out when you finish shopping.
Cookies that are NOT excepted are those designed to capture ‘personal information’ that the website visitor does not need for the service they requested, for example analytical data for, say, Google Analytics.
How Can I Comply with the Cookie Directive?
Firstly, you need to perform an audit of your cookies. These include your site’s own cookies as well as 3rd party cookies (e.g. Google Analytics or streaming video services).
Next you need to provide site visitors with detailed information about your cookies, and how the use of these cookies could affect them.
EU Cookie Directive Compliance Service
Price from £50.