The Information Commissioner’s Office’s (ICO) one year amnesty on enforcement of the EU e-Privacy Directive ends on 26th May 2012, meaning sites who have not adapted to the new law could potentially be liable to a fine.
What’s all the fuss about?
EU Directive 2009/136/EC, which requires users to consent before web sites harvest data from them, has been worrying website builders for a while. Although the intention of the law appears benign enough – to ensure that website visitors are informed about how their information will be stored and used and that they give consent for that purpose, it poses some problems. Not least of which is gaining informed consent for something that most users do not know about or understand.
What is a Cookie?
A cookie is little packet of information that a website puts on your computer so that it can remember something about you at a later time. Typically, a cookie records your preferences when using a particular site although some also gather information about your browser, terms you have searched for etc. They are usually useful little things that improve your browsing experience by making suitable recommendations – like Amazon’s ‘people who bought this also bought this…’ but they could be used to gather additional information about you.
The directive covers essential cookies which enable a site to work properly like adding something to your shopping basket, as well as cookies that, for example serve up mirror sites to improve download speeds and analytical or statistical data gathering cookies. The important point is that you need to inform people which cookies are used on your site, for what purpose and then seek the consent of your site’s visitor to store them.
The first step is to identify which cookies your website uses, what they are used for and to explain to your site visitor how they are used. Once you have clearly identified the cookies your site uses then you can define each one and seek suitable consent from your visitors.
If you are open and transparent about how you use the information gathered by cookies, then seeking informed consent from your visitors should be a simple matter of a pop-up question, however the grey area is in how this consent is communicated, stored and consent given.
Some sites opt for a blanket ‘acceptance’ of cookies without which the site won’t function. Some adopt an irritating approach of constantly asking for consent until it is given or the visitor moves to another site. Some adopt an approach which ‘assumes’ consent is given once the user chooses to continue using the site. In reality the appropriate means of gaining consent will vary according to which cookies you use and why set against why people are visiting your site in the first place.
BBC.co.uk launched its cookie info banner yesterday, while Channel 4, The Guardian and the Telegraph have launched theirs today. The four approaches are all very different…check out the full article on econsultancy.
Plain Speaking Advice
For clear advice in plain English about how the law could affect you Contact Us today for an informal discussion.