EU Cookie Law
There is much discussion of cookies due to new EU Cookie Law which has been designed to protect the privacy of internet users. The law requires websites to obtain consent from visitors before they can store or retrieve any information on a computer or any other web connected device. It started as an EU Directive that was adopted by all EU countries on May 26th 2011. Website owners have until May 26th 2012 to comply.
With the deadline this weekend I asked Stephen Berry, eMarketing Manager at Radiator a few questions about the EU cookie law and this is what he had to say:
What are cookies?
A cookie is a small, harmless text file that is placed on your computer or device when accessing certain websites. The information stored in the file is typically made up of letters and numbers and should not contain any personally identifiable information.
What different types of cookies are there and why are they used?
Firstly there are two categories of cookies – session cookies and persistent cookies:
- Session Cookies exist only for the duration of a single visit or ‘session’ and are removed when you leave the site or close the browser window.
- Persistent Cookies are stored on the device and, as the name suggests, will persist even after the visit to the website ends which
Cookies can then be further classified depending on the website or domain which creates them and are called first or third party cookies:
- First party cookies are set by the website visited by the user and only accessible by that site in the future
- Third party cookies are set by a domain other that the current one being viewed and will be accessible to that domain for subsequent visits to all websites that use their service
Do all cookies need to be consented to?
Some cookies are used for essential functionality like shopping baskets and logging in to user accounts – cookies for purposes such as these are exempt.
For non essential functionality such as web analytics, facebook plugins and banner advertising it is likely that they will be affected by the law.
What steps should be taken to comply with this law?
The first step for any website owner should be to perform a cookie audit their site to find out what cookies they are using and how they are being used.
Following that you should determine how intrusive they are and thus whether they need consent or not.
Where consent is needed you will then have to decide the best way for your site to seek the visitors’ permission before setting these cookies.
Does this new law make the way you do your job any different/challenging?
As users will now have to opt-in to receive cookies before we should use web analytics tracking code we expect that the amount of data we collect about their visit will substantially fall.
In the short term this will make internet marketing and e-commerce in particular challenging because we will not be able to monitor and improve their experience as easily.
Can you comply without harming your business?
Compliance will not harm your business directly but of course in the future a lack of data on your websites performance could hamper your ability to increase conversions and sales.
Therefore it is essential to implement a good solution that will educate your visitors, give them full control and make it easy to consent.
What will happen to people who are not compliant?
The Information Commissioners Office (ICO), who are responsible for implementing the law in the UK, have stated that it will be very difficult to fine companies for non compliance and would only foresee monetary sanctions for the most serious breach.
They understand that it can be complicated and could be costly for some websites to be fully compliant and in these cases all they are looking for is that you are taking reasonable steps and are moving towards becoming compliant in the near future.
Instead, they are likely to undertake a consultation process to help sites that don’t comply to put a realistic plan in place in order to do so - of course in doing so they will expect you to follow that plan.
Does this law just cover cookies or is there other privacy issues covered in the law?
This law is an amendment to the 2003 EU directive regarding privacy and electronic communications so although the rules governing cookies is now much stricter website owners should make sure that they conform to the full set of rules concerning privacy that was set out then.
What is your opinion on the EU cookie law?
I understand the sentiment behind the law and all website owners and visitors should be aware of and understand what cookies are being used and why.
I feel strongly that web analytics packages such as Google Analytics that do not collect personally identifiable information like email or IP addresses should be exempt from the law because it has the potential to harm e-commerce in the UK and give us an unfair disadvantage when trying to compete in the international market place as it adds an extra barrier to sales.
Having said that, if you are not already doing so you should be seriously thinking about putting a plan in place to comply and implement this as soon as possible.
Download the latest ICO cookies guidance (May 2012)
There are currently no comments on this post - be the first to comment using the form below.