The Cookie Law: What You Should Know

The UK Cookie Legislation will be enforced from 26th May 2012.

The EU legislation on the use of cookies forces websites to request permission from their web visitors before cookies can be used. Previously, website visitors could ‘opt out’ of cookie use; now they must ‘opt in’, and it is the site owner’s responsibility to ask them to do so.

What is a ‘Cookie’?

A Cookie is a small text file which a website places onto a visitor’s computer in order to store information, mainly specific to that visitor. Often this is to make the site easier to use, particularly if the visitor returns. An example would be if you allow visitors to choose the size of the text on your web pages to make it comfortable for them to read. Your website will drop a cookie onto their computer so that your site can remember their text preference and they do not have to choose it every time they come back to the site.

You can see a simple video explanation here of how government websites use them.

On an ecommerce website you might drop cookies to allow visitors (and you, the seller) to see their purchase history and their browsing history, so they can see items that they have already viewed as they have looked through the site.

Some cookies are essential to the working of a website. For example, the only way to remember what is in your shopping cart as you move through an ecommerce website is to drop cookies.

If you’re using analytics software such as Google Analytics then your site will be using cookies to track the page visits.

92% of UK websites currently use cookies in some capacity. A Cookie is NOT a virus. Many cookies are used to make the experience of using a website better, and disabling cookies may prevent a visitor from using certain aspects of a website’s functionality. If your website does any of the following, then you will be using cookies:

  • Uses Google Analytics or similar to track page visits
  • Uses plugins such as Twitter feeds or Facebook Like buttons
  • Embeds YouTube Videos
  • Has a content management system (CMS)
  • Allows visitors to log in
  • Uses any sort of “remember my settings” style functionality

Types of Cookies

  • A First Party Cookie is set directly by the website being visited.
  • A Third Party Cookie is one placed by a service such as Google AdSense, AdWords or Analytics. These cookies are set by a domain other than the one being visited by the user, but are placed through the website being visited.
  • A Session Cookie is only stored on the visitor’s computer until the visitor leaves the website, and is then deleted. An example of this would be if you have to log in to a website each time you visit it; it is then using a Session Cookie to store your login session. Session cookies are considered less intrusive than persistent cookies.
  • A Persistent Cookie is a cookie that is downloaded onto the visitor’s computer and used to identify a visitor whenever they return. All persistent cookies have an expiry date (usually 30, 60 or 90 days). Once that expiry date is reached, the cookie will be deleted.
  • A Secure Cookie is only transmitted via HTTPS. You would typically find this in the checkout pages of eCommerce sites. The browser will not send it over a plain HTTP connection, so any data in the cookie is encrypted as it passes between the website and the browser.

Does the Cookie Law affect me?

If you’re based in the EU, this law affects you.

The law relates to the use of ‘non essential’ cookies. All websites in the EU are now required to ask a visitor’s permission before placing non-essential cookies on their machine. Cookies which are deemed not “strictly necessary for a service requested by a user” such as visitor tracking codes, advertising and most Google Analytics tools are now illegal under the EU Cookie Law unless the visitor has accepted their use.

You, as the website owner, should now ask consent from the visitor before you use non-essential cookies. It is no longer sufficient to simply have a privacy policy on your website. Nor can you simply rely on visitors changing the cookie settings in their browser to block websites from storing cookies on their machines.

Cookies that are necessary for the working of the website (e.g. cookies used to remember which items you have placed in your online eCommerce shopping cart, or whether you’re logged in to a website or not) are allowed without the need to opt in.

What do you need to do to comply with the Cookie Legislation?

To comply with the new legislation you should make information about the use of cookies on your website transparent and easy to find, and ask visitors to your website to give their consent or opt-in to the use of cookies.

You should now:

  • Find out what cookies your website uses, what they are used for (purpose) and what data they hold.
  • Assess how intrusive your use of each cookie is to the user’s privacy. Establish whether these cookies can be linked with personal data such as a username or email address.
  • Find out whether they apply to the session (just that visit) or if they’re persistent cookies (applying to future visits).
  • Check that your Privacy Policy includes accurate information on each cookie being used.
  • Give visitors a way to give consent to the use of cookies.

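The cookie types listed above and the first two compliance steps (find out what cookies you set, and classify how intrusive each one is) can be turned into a small inventory script. The following is an added example, not code from the original article or from the ICO: it parses Set-Cookie header strings, classifies each cookie as first or third party, session or persistent (with its lifetime in days), and secure or not, and then decides which cookies may be set before the visitor has opted in. The site domain, the hostnames, the cookie names and header values, and the list of cookies treated as strictly necessary are all constructed assumptions for the example.

```javascript
// Added example (not from the original article): build a cookie inventory from
// Set-Cookie headers and gate non-essential cookies on visitor consent.
// All hostnames, cookie names and header values are constructed for this example;
// ESSENTIAL_COOKIES is an assumption about which cookies the site deems
// "strictly necessary for a service requested by a user".

const SITE_DOMAIN = 'example.co.uk';                // assumed site domain
const NOW = new Date('2012-05-26T00:00:00Z');       // fixed clock so lifetimes are deterministic
const ESSENTIAL_COOKIES = ['cart', 'checkout'];     // assumption: needed for the shop to work

// Constructed sample: the host that sent each response and its Set-Cookie header.
const SAMPLE_RESPONSES = [
  { setBy: 'www.example.co.uk',     header: 'cart=abc123; Path=/; HttpOnly' },
  { setBy: 'www.example.co.uk',     header: 'textsize=large; Max-Age=7776000; Path=/' },
  { setBy: 'stats.thirdparty.test', header: 'tracking_id=xyz; Expires=Fri, 24 Aug 2012 00:00:00 GMT; Path=/' },
  { setBy: 'secure.example.co.uk',  header: 'checkout=tok; Secure; Path=/checkout' },
];

// Parse one Set-Cookie header into { name, value, attrs }; attribute keys are lower-cased,
// flag attributes such as Secure and HttpOnly become `true`.
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: eq === -1 ? parts[0] : parts[0].slice(0, eq).trim(),
    value: eq === -1 ? '' : parts[0].slice(eq + 1),
    attrs: {},
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// First party if the response came from the site's own domain or a subdomain of it.
function isFirstParty(host, siteDomain) {
  return host === siteDomain || host.endsWith('.' + siteDomain);
}

// Lifetime in whole days; Max-Age takes precedence over Expires. null means a session cookie.
function lifetimeDays(attrs, now) {
  if (attrs['max-age'] !== undefined) {
    return Math.round(Number(attrs['max-age']) / 86400);
  }
  if (attrs.expires !== undefined) {
    return Math.round((Date.parse(attrs.expires) - now.getTime()) / 86400000);
  }
  return null;
}

// Classify every observed cookie using the categories from the article.
function buildInventory(responses, siteDomain, now, essentialNames) {
  return responses.map(({ setBy, header }) => {
    const c = parseSetCookie(header);
    const days = lifetimeDays(c.attrs, now);
    return {
      name: c.name,
      setBy,
      firstParty: isFirstParty(setBy, siteDomain),
      persistent: days !== null,
      lifetimeDays: days,
      secure: c.attrs.secure === true,
      essential: essentialNames.includes(c.name),
    };
  });
}

// Before opt-in only strictly necessary cookies may be set; after opt-in all of them.
function cookiesAllowed(inventory, consentGiven) {
  return inventory.filter(c => consentGiven || c.essential).map(c => c.name);
}

const inventory = buildInventory(SAMPLE_RESPONSES, SITE_DOMAIN, NOW, ESSENTIAL_COOKIES);
console.table(inventory);
console.log('allowed before consent:', cookiesAllowed(inventory, false));
console.log('allowed after consent: ', cookiesAllowed(inventory, true));
```

The inventory table is the raw material for the privacy policy entries the later steps ask for (name, who sets it, purpose, lifetime), and `cookiesAllowed` is the rule a consent bar has to enforce: with consent withheld only `cart` and `checkout` are set, while the persistent preference cookie and the third-party tracking cookie wait for an opt-in.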
The Information Commissioner’s Office (ICO) suggests using pop-ups or similar techniques, such as message bars or a header bar, to ask your website visitors for permission.

You may see an example of this kind of feature on our website. We only use 3 cookies: cookies placed by Google Analytics, one placed by our contact form to verify that it is being completed by a real person and a cookie which is set if a visitor agrees to accept these cookies! See an example of a Cookie Compliance pop-up.

What is the penalty for failing to comply?

If you fail to implement the required changes on your website then there is a potential fine of up to £500,000 in the UK if a breach of the law has caused “substantial damage or substantial distress”.

Our thoughts on this matter…

Whilst like any technology, cookies can be used for good as well as ill, the directive could make the web less accessible for all, unless the ICO introduce more flexibility. The thinking behind it is good, but the method of implementation could make visiting websites tiresome if a choice has to be made for every new site visited.

Large numbers of websites have not made any attempt to comply with the directive as yet and it will be interesting to see how and if this will be enforced.

You may like to wait and see what happens, but our advice would be, at the very least, to ensure your privacy policy is up to date, lists the cookies you use and is easy to find. That means not just via a small-print link in your footer. This would show that you are at least trying to get implied agreement to the use of cookies from your site.

You can read our privacy policy here.

Further reading and resources:

You can find more information on The Information Commissioner’s Office website: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx

Read the UK’s Information Commissioner’s Office (ICO) guidance document - read here
