Following on from our earlier cookies newsletter, informing you of the EU Cookie Law changes, we wanted to give you further sensible advice on how to approach the new requirements and make sure your website doesn’t become an obvious target for the Information Commissioner’s Office (ICO), when they begin investigating compliance after May the 26th.
This law arrived in May 2011 but any enforcement was pushed back to May 2012 (See our previous newsletter on the cookie update). Of course, May 26th 2012 isn’t really very far away so please read on to see what’s expected and some of the options that are available to you.
A reminder about what’s changing
What different types of cookies are there?
There are many types of cookies available and different sites will use different cookies; however, the majority will fall into the following broad categories:
- Strictly Necessary Cookies
These cookies are essential to the main function of the site you are browsing. For example, on an e-commerce site, cookies are used to remember items in your shopping basket and transfer security data to allow you to pass from one secure area of a site to another, i.e. from the shopping cart to the payment page.
- Performance or Analytics Cookies
These cookies collect anonymous information such as the number of visitors to a site, the time spent on pages and where people go on a site. They do not collect personal user information or machine details. Examples include Analytics or affiliate tracking.
- Functional Cookies
These cookies remember information to enhance your visit. They might store information such as your location or custom settings on a site, such as layout, text size etc. They can be anonymous and will most likely be served from the website which you are visiting (these are therefore often referred to as 1st Party Cookies, differentiating them from 3rd Party Cookies; see below).
- Targeting, Advertising or 3rd Party Cookies
These cookies are normally 3rd Party cookies used to control the display of relevant advertising to users and/or monitor the effectiveness of advertising campaigns. The adverts are usually placed on the site with the permission of the website owner and information is often shared with advertisers and other organisations.
What options are available for ensuring compliance?
- You do nothing and rely on your users’ browser settings as a sign of compliance. For example, if your user’s browser settings are configured to allow all cookies, this can be seen as compliance; however, this must also be done in conjunction with the provision of more information to your users about the cookies being used.
- Adding a header bar or pop-up on your website to advise users that your site uses specific types of cookies. Whichever method is used, it should draw users’ attention to the cookies being used on the site and request consent in the most appropriate fashion before the user can use the site to its full extent.
You can see examples of various approaches at the following sites:
A straightforward banner on the Information Commissioner’s Office website
BT's site offers a pop-up choice and cookie settings at the bottom of their site
Delia Online shows a pop-up to advise that the work is in progress and directs users to more information on cookies used by the site.
This is a lot of information to absorb; however, we’d certainly rather everyone avoids the prospect of a phone call from the ICO asking why nothing is being done to advertise the cookies used or gain necessary consent. Opinions differ as to how the ICO might go about their investigations but these are speculative, and so, even if you are not fully compliant on the 26th, you should at least have begun to make the move towards compliance.
The above is based upon our understanding of the new regulations; however, as with any legislation, we would recommend you seek your own legal advice.