June 26, 2012

The New EU Cookie Law Explained

Business, Web Design

On May 26 a new European Law came into effect in Britain. Nicknamed the cookie law, it effects nearly every British website. I am no lawyer and thus can not give any legal advice, however I can explain a little more about the law and show what other websites are doing to implement it.

What is a cookie?

A cookie is a small text file that is stored on a users computer. They are designed to hold a modest amount of information to help the website identify them. Nearly every website on the internet uses cookies. Your website may use cookies for

– An e-commerce cart and checkout process

– Web analytics (such as Google Analytics)

– A comment system on a blog

– Signing into a website

– Filling out forms on a website

– Remembering preferences on a website

Really the list is endless and it is very rare to come across a website that doesn’t use cookies. In fact one website estimates that 92% of all websites in the EU use cookies.

 

What is the new law all about?

The new law has been designed to protect the privacy of web users. It dictates that users must “consent” to cookies being used on your site. The simple way to do this would be to have pop up asking new users if they consent to cookies being used for the functionality of the website.

Another, slightly more vague method, is complied consent. The guidance notes for the ICO (Information Commissioners Office) included the following…

“Information Commissioner’s guidance made it clear that although an explicit opt- in mechanism might provide regulatory certainty it was not the only means of gaining consent. In some circumstances those seeking consent might consider implied consent as an option that was perhaps more practical than the explicit opt-in model.”

 

What are other companies doing?

The majority of websites are ignoring the new EU legislation. In fact most of the websites belonging to the government have not implemented the new law yet. The Telegraph recently reported that four out of five British businesses ignore the new laws and don’t make any changes to their website.

This is down to the vague nature of the new law. It seems that large organizations are likely to be the first to be targeted for not being clear about cookies. Because of this, many smaller organizations and businesses are waiting to see how the law is implemented before they make changes to their websites.

However some websites are already starting to make changes to their website.

 

BT have opted for a popup box to tell their users about cookies and give them the option to accept or change the settings.

bt cookie law example

 

John Lewis have taken a less direct approach by adding a box to their homepage that links to a page about privacy and cookies.

john lewis cookie law example

 

Play.com have gone a step further, simply adding a link at the bottom of their page to their privacy policy and cookies page.

play cookie law example

 

Which Cookies Does My Site Use?

The best way to find out which cookies your website uses is by conducting a cookie audit. Some websites will try and charge you to do this but it’s not too hard and you can do it yourself.

There are various pieces of free software and extensions in firefox and chrome that guide you through this process and help you find which cookies your website uses (one example for Chrome is found here). Some web browsers make a list of cookies accepted from your website that can be viewed under tools.

 

How Can I Comply?

Now that you know which cookies you use, it’s time to be honest and upfront about them with the visitors of your website. They are various ways you can do this. Some websites use popup boxes (like BT in our example above) or a bar at the top of their site. This is probably the clearest and safest method to use. Or you could follow the example of John Lewis and Play.com by writing a privacy policy with a clear section about cookies and adding a link to this on your website.

 

What Will Happen If I Don’t Comply?

That’s a hard question to answer and even the ICO (the organisation which will be implementing this law) are unclear about the answer. In the video below they hint that letters may be sent out to website owners that don’t comply, giving them guidelines on how to implement changes. Below is the video from the ICO website.

You can find the guidelines the ICO provide by clicking here. If you need any more information or help implementing the new law, feel free to get in touch via our contact page.

 

A 2015 Update:

We have found over the last year that a large number of UK websites have started implementing a pop-up bar to notify users that they use cookies and we now feel that this is the safest and clearest option to use.

Like what you see? Start Your Project