What is the Cookie Law?
The EU’s Privacy and Communications Directive, more commonly known as the Cookie Law, came into effect on 26 May, 2011. However, the ICO (Information Commissioners Office) – which regulates data privacy in the UK – gave UK websites a 12 month grace period before they planned to begin enforcing the law.
In simple terms, the EU Directive means that users of websites must opt-in before the website owner can store ‘non-essential’ cookies on their website.
Why has it been introduced?
The new law is intended to help protect people’s privacy. For example, if you search for something on Google, they use cookies to remember this. Another website may then use these cookies to target ads at you because they remember who you are.
The majority of small websites don’t do this, but they are likely to track visitors to their site via tools such as Google Analytics and to use social media plugins like Facebook Like buttons.
Are all cookies affected?
The law applies to nearly all cookies, regardless of where they are from or what information they contain. However, cookies which are considered ‘strictly necessary for a service requested by a user’ are exempt.
These include:
- Cookies to remember goods added to your shopping basket
- Cookies required for security, for example when using online banking
- Cookies that help ensure pages load quickly by helping distribute workload to the browser
How does this affect websites?
If websites are found to be breaching this legislation, they will face up to a £500,000 fine. As over 92% of websites currently use cookies, the overwhelming majority of websites in the EU will become illegal when the law is enforced on May 26th 2012.
Site owners essentially have three choices:
- Ignore the law
- Drop cookies and lose analytics and the ability to adapt to users
- Display a popup and seek user agreement to store local cookies.
If site owners choose to continue using cookies on their website, they must get consent from each visitor to store cookies on their computer.
Originally, the law stipulated that websites required ‘explicit consent’ from users to be able to continue with the use of cookies – basically, the users needed to ‘opt-in’.
However, in the UK the ICO has now stated that ‘implied consent’ is enough – so users now ‘opt-out’.
Below are some examples of how other sites are obtaining consent to use cookies:
Does responsibility lie with the web host or the site owner?
The law is linked to the owner of the site. Where your website is hosted does not make any difference. Enforcement agencies will pursue the owners of the websites, so the location of the legal entity that is the registered owner is what is important.
What should website owners be doing?
Audit
Audit your site to see what cookies it uses.
Bigwave Media have audited all of the sites it hosts to asses which cookies are used on each site.
Interpret
Assess the cookies that each website uses against the legislation; this can be found here.
If you are unsure of the purpose of any of the cookies, research them. Depending on how intrusive the cookie is, there is a chance you’ll need to gain higher levels of consent from your site visitors.
Act
Although the law comes into effect on 26 May 2012, the ICO has indicated that the most important thing is to take steps towards obeying the law. No one should ignore it, but prosecution is unlikely if it is demonstrated that a site is moving towards full compliance.
As adding an opt-in requires knowledge of website coding, Bigwave Media are developing and installing a plugin that will enable a message line to appear at the top of every website to inform the user about the cookies used and to allow the user to accept the cookies.
Bigwave Media Clients
Two options will be available to all Bigwave Media contract and non-contract clients:
1) A standard plugin to ensure the site is compliant
2) A bespoke plugin to look more aesthetically pleasing and give the end user more control
All clients will recieve communication about the options and plugins will be installed this week.