The EU Cookie Law

No, it’s not the chaps in Brussels interfering with our biscuits, it’s the implementation of EU online privacy legislation that could potentially affect every website in the UK.

So what is the EU Cookie Law?

First things first. Cookies are small text files that are written to your computer when you visit a website. They’re used for all kinds of reasons – helping the site to remember which pages you have visited, remembering who you are, and measuring the performance of the website (Google Analytics uses cookies).

In May last year the EU brought in legislation requiring that all EU websites allow visitors to choose whether cookies are written to their computers. Actually most modern web browsers allow users to have full control of what cookies are allowed, but, according to the legislation, it’s website owners that are responsible for making sure that visitors are a) informed; and b) in control.

The main targets of the legislation are the sites that track personal data – location information, shopping habits etc, but ALL cookies are included (unless it can be shown that the site won’t work without them).

The UK government has interpreted the EU’s rules to mean that websites using cookies must allow visitors to actively OPT-IN to using them (rather than opting out by switching them off in their browser). The actual wording of the legislation is complex, but the general gist is that all website owners must a) provide information about cookies used on their site and b) obtain the visitor’s consent to store a cookie on their computer (or any other web-browsing device).

See the guidance from the ICO here

When does the law come into force?

The law has been in place since May last year, but the Information Commissioner’s Office (ICO) will start to enforce it from the 26th May 2012.

So why haven’t I heard of it?

A good question. For a piece of legislation that potentially affects thousands upon thousands of website owners in the UK, the publicity surrounding this new law has been most notable by its absence; and you won’t have seen many sites rolling out ways to let visitors opt-in to cookies either. The ICO (the government body in charge of enforcing the law) has complied with a drop-down panel that shows the kind of thing that’s required (www.ico.gov.uk); the FT has a slightly different take on it (www.ft.com) and the Guardian has gone for a more passive ‘Ignore this message to give your consent’ approach (www.guardian.co.uk); but generally you’ll struggle to find a site that has complied with the law ahead of the 26th May deadline (including most other .gov.uk sites).

So can I just ignore it?

The maximum fine for non-compliance with the EU Cookie Law is £500,000, so our advice would be “No you can’t”. However, the ICO’s enforcement policy is that the maximum fine can only be levied in the most serious cases, where serious harm has been caused; so not giving your customers the option to turn off Google Analytics on your site by the 26th of May is unlikely to bring down the full force of the law. (Please bear in mind though that we’re designers, not lawyers, so our opinion is unlikely to stand up in court.) Also, in an article on The Guardian’s website entitled ‘Share cookies compliance expertise says ICO’, a senior ICO policy manager said that public sector organisations should be working towards compliance, but that he would be concerned if they rushed into being compliant by the May deadline without adequate testing; hinting that, for the public sector at least, there would be some leeway in the deadline.

So what should I do?

Fortunately, for most sites, complying with the EU cookie law is relatively straightforward. There are already a number of open source scripts available which will allow visitors to disable cookies, and it’s a fairly safe bet that the choice of solutions will increase once larger companies start to comply. We’re currently testing various options and will be able to advise on a solution that’s right for you.

The Cookie Law boils down to two main rules:

  1. You must provide clear and comprehensive information about any cookies you are using
  2. You must obtain consent to store a cookie on a user’s or subscriber’s device

So to comply with the law, website owners need to take the following three steps:

  1. Have your site audited to see what cookies, if any, are being used
  2. Update your privacy policy to include information about each cookie and what it does
  3. Install the Opt-in script that’s most appropriate for your site

Here comes the sales pitch!

All clients whose websites are managed by InSync Creative will receive a free site audit to let you know if you need to take any action.

If your site uses cookies, we will install a front-end JavaScript script to make it compliant and update your privacy policy with the relevant information for just £250 per site.

If we don’t manage your site, don’t worry. Just get in touch and we’ll be happy to give you a quote to make your site compliant.

 
