Blog

They’re technically known as the Privacy and Electronic Communication Regulations, but you might know them as the EU Cookie Law. This is the new directive that comes into effect on 26th May 2012 and that requires websites to gain the consent of users when they want to run most cookies on that website.

The vast majority of websites currently use cookies and, as it stands, many of them are breaking the law as most websites don’t ask for users’ consent before utilising the cookies. There are different types of cookie though, and some of them are exempt from compliance with the Cookie Law. Generally speaking, those cookies that are exempt are the ones that are essential to the operation of a website. For example, if you have to log in to a website to use its service, a cookie will be needed to remember that or else the service will not work.

However, even though some cookies might be used for operational purposes, they will still require websites to get consent from users before using them. For instance, this could be the case for cookies that remember a user’s preferences for that site. Other cookies considered to be ‘non-essential’ will also need consent before they can be utilised on a website. Notably, tracking cookies (such as those used by service like Google Analytics or Statcounter) will require permission from users, as will advertising cookies.

The Information Commissioners Office, which is responsible for the Cookie Law in the UK, has offered some suggestions as to how websites can make sure they are compliant with the new law. These include getting users to agree to cookies when they accept website terms and conditions, obtain consent when users choose certain settings, obtain consent when users utilise certain features, or utilise tools such as headers or pop-ups in order to gain consent.

For an example of how consent can be gained from users, pay a quick visit to the ICO website. Across the top of the screen you will see a header that requires you to tick a box that states ‘I accept cookies from this site’. It appears that this is a one-time thing. Once you have accepted the cookies from the ICO website, if you then leave the site and come back, it doesn’t ask you again to accept the cookies.

Guidance from the ICO suggests that the person who is responsible for setting a particular cookie should be responsible for the compliance of that cookie with the new law. For instance, if a third party advertiser were to place an ad on our website, they would be responsible for ensuring it complied with the law. However, if we were to use Google Analytics cookies to track our site statistics, we would be responsible for those cookies. The difficulty arises when a third party, such as an advertiser, doesn’t actually have a means of obtaining consent because the website is not theirs. This means that in practice it is much likely to be easier for the website owner to take responsibility for obtaining consent for all relevant cookies.

There is therefore likely to be a need for website owners/operators to liaise with any third parties in order to find out the exact nature of the cookies placed on a particular site since an owner might not always be entirely aware of this.

There are clearly quite a few ways in which a website could choose to obtain consent from users for their cookies, but no matter which method is chosen, the most important thing is that users are given an informed and clear choice. It is important to note that this might also mean that websites have to update their terms and conditions or privacy policies in order to ensure they comply with the new Cookie Law and so that users can read more about the kind of cookies that are used on a particular website.

As it stands, the majority of websites are thought to still be in violation of the Cookie Law, with many holding on to see how other websites (such as key government sites) deal with the new regulations. However, the law is due to come into effect very soon, and so if websites have yet to take action to comply with the directive, they would be wise to start forming a strategy now so that they do not fall foul of the ICO and find themselves in trouble.

Next time, we’ll be taking a look at how the Cookie Law affects tracking cookies such as Google Analytics. For now, if you want to find out more about the Cookie Law and different types of cookies and how they will be affected, the International Chamber of Commerce has produced a useful guide.

By Chelsey Evans

Follow @AmpheonLtd