This means that, as of yesterday, if you’re a website owner you’ll need to gain “explicit” consent from your visitors if you want to place a cookie in their browser, furthermore you’ll need to provide “clear and comprehensive” information about why you want to store these cookies.
So how does this effect you?
What is a cookie?
Cookies are simple text files that sit in your web browsers and store user information, in the most part they make browsing the internet quicker and easier. They can be used to remember your passwords and to help personalise your browsing experience by displaying more relevant content based on your browsing habits.
Does the law apply to all cookies
The new directives only target those cookies that could be deemed “intrusive” by users. With these cookie you’ll need to decide whether you’re going to have them removed, altered or what solution you’re going to take to gain consent from your visitors.
The good news is; “Strictly necessary” cookies wont be affected by the new regulations and these include those cookies that allow your visitors to add items to their shopping baskets and then continue browsing before proceeding to checkout. However the exception will not apply, to cookies used to track users or to help make the website more attractive because it remembers users’ preferences, or cookies are used to collect statistical information about the use of the website.
What will I need to do to make sure my website is legal?
Well firstly don’t panic, just yet. Given the confusion surrounding the new directive the UK government has said there wont be any “overnight changes” and the ICO (Information Commissioner’s Office) says it will give business and organisations one year to “get their house in order”. So basically the law wont be enforced and no one will be penalised for until at least this time next year.
How can I get consent?
The ICO doesn’t agree that using browser settings is a satisfactory method to gain consent so for the time being the onus is on you as a website owner.
Pop-ups – Although they can detract from the user experience, they are probably the simplest method of grabbing a users attention and asking for consent.
Settings-led consent – If your website has features such as a choice on languages then when a user chooses their preferences, they can be alerted to the fact that a cookie will be used.
Tracking icons – Some big advertisers, including AOL and Google, have committed to placing recognisable icons on any ads using tracking technology.
What happens if I don’t do anything?
According by the ICO, failure to take any action before 26 May 2012 will result in a fine of up to £500,000 in the UK. However this sounds like a unrealistic figure simply being promoted to try and get website owners to take notice. It seems more than likely that a slap on the wrist followed by a “take action with 30 days” email seems more likely than a fine of half a million pounds.
Website owners are advised by the ICO to conduct a full audit of their sites to analyse what types of cookies are strictly necessary. Our advice would be to wait, if we’ve built your website we will contact you in due course when the new legislation is a little clearer and we’ll advise you what action, if any, you’ll need to take.
What will all the fuss mean to users?