Website cookie regulations
From 26th May 2012 the EU ‘cookie law’ came into effect in the UK. This means the website of every UK (and EU) business that uses cookies must:
- tell people they are being used
- explain why
- get consent
That’s the short explanation. You may not be surprised to hear that it’s not quite so simple, because there is confusion about which cookies are subject to this law, how various aspects will be interpreted, and most importantly the consequences of failure to comply. While we have tried to give a clear explanation in this article, this represents our understanding and should not be considered legal advice or a guaranteed solution.
EU Cookie Law: Let’s start at the beginning
Cookies are small files stored on your computer when you visit a website, and mostly store anonymous information to help personalise your experience. For example if you ask a website to 'remember me' when you log in, or if you add products to an online basket so you can see it again later, this often uses cookies. More controversially, cookies can also be used to track visitor activity and likely interests.
Visitors can already decide whether to have cookies enabled or disabled by changing their browser settings, but this is no longer considered enough. The new law requires that visitors must actively agree to the use of cookies that are not ‘strictly necessary’, i.e. those used for tracking and advertising. This includes third party code used on your website, for example Google Analytics, some social media code, and adverts.
The new UK law follows part of an EU directive on privacy, and it will be the responsibility of the Information Commissioners’ Office (ICO) to take action against offenders.
So how does the new EU cookie law affect my website?
If you don’t use cookies this won’t affect you, but most websites do use cookies in some way. As this is a new law the potential implications are quite broad, and the real consequences will only be determined by cases in court. For this reason we cannot give you a perfect solution or guarantee to comply with the law; in fact no-one can, and even the ICO itself has been reluctant to be specific.
In essence, it’s up to you how seriously you want to take this, but you basically have three options.
1. Do nothing
It seems unlikely that small or medium businesses will be targeted by the ICO for prosecution, and the problem may well be solved by changes to the browsers themselves. This law is apparently aimed at third party code that subverts people’s privacy, which the vast majority of websites do not. And even if the ICO does take exception to your website, it will probably give you a chance to resolve the issue before taking action.
2. Do the minimum
By clearly explaining the situation to visitors, you are demonstrating willingness. You could simply add a pop-up or banner saying that you use cookies, and link to a very clear explanation of why you use them and how the visitor can disable them through the browser.
3. Go the whole hog
Although we cannot guarantee this solution, based on the guidance from the ICO it seems that you need to ask visitors to actively say they want to use cookies (“opt in”), rather than just allow them to opt out. This means you need to ask every new visitor to agree to cookies, and if they don’t agree then disable any use of cookies for that visitor. This could be quite detrimental, for example meaning that some visitors cannot be tracked by Google Analytics or shown third party adverts.
However, the effect really depends on how you present this option. Unsurprisingly, the ICO themselves have a very clear message requiring visitors to tick a box and click a button to register their approval, which has resulted in 90% of their visitors opting out. On the other hand, the BT website offers people the choices of “change settings” or “no thanks”, and most of their visitors continue to use cookies because it’s the easier option.
Need help complying with the cookie law?
First of all you need to find out if you’re using cookies. Whether you’re a client of Bluelinemedia or not, we’re happy to provide a free cookie review of your website to tell you how you’re using cookies and what you should do about it.