Some people may be aware of this and others not so much, but it will affect over 95% of the UKs websites. As of the 26th of May 2012 a new cookie law has been rolled out after having a year’s grace, which states:
A visitor;
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information;
(b) is given the opportunity to refuse the storage of or access to that information
Source: http://www.ico.gov.uk
The scary fact is that most websites will be using some form of cookie that tracks user data or information. Data gathering cookies can come in many forms:
- Analysis of visitor behaviour (known as ‘analytics’)
- To personalise pages and remember visitor preferences.
- To manage shopping carts in online stores
- To track people across websites and deliver targeted advertising
As developers and business people we now need to insure that we are making our cookies compliant and included in our privacy policies.
What can we do?
Self Audits:
We can use free cookie audit tools and extensions for Google Chrome that will show you all the cookies you are using and which need to be made compliant.
Managed Audits:
Hire a company to find out the information you require and to correct any issues you may have on the website, for further information please contact us we would be more than happy to help you out.
Not every cookie will be breaking the law, cookies that are deemed strictly necessary to provide services to the visitor are ok. Examples of necessary cookies are the login process of a shopping cart website or the check-out process when buying goods.
Some key points found on the ICO website are:
- More detail on what is meant by consent. The advice says ‘consent must involve some form of communication where an individual knowingly indicates their acceptance.’
- The guidance explains that cookies used for online shopping baskets and ones that help keep user data safe are likely to be exempt from complying with the rules.
- However, cookies used for most other purposes including analytical, first and third party advertising, and ones that recognise when a user has returned to a website, will need to comply with the new rules.
- Achieving compliance in relation to third party cookies is one of the most challenging areas. The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers.
- The ICO will focus its regulatory efforts on the most intrusive cookies or where there is a clear privacy impact on individuals.
It is our suggestion that implementing a cookie policy and putting it on the website for users to see will develop awareness and also contributing in safeguarding your business.
Next Step
The one way to help prevent any issues will be to get full consent off all your visitors.
So how do we get consent from our users?
- pop-ups with “accept before proceeding”
Is one of the most common approaches; however the risk is if they opt-out what effect will it have on the website?
It is crucial in identifying the correct cookies to opt-in/opt-out from and what can be used as an alternative solution.
Some businesses may want to risk it and not bother getting consent from the people browsing the website, our advice is DON’T unless you want to risk paying a fine of up to £500000. Try not to panic! The Information Commissioner, Christopher Graham said:
“Come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”
Begin making your website compliant today and show that you are implementing the correct steps and following the law. For further advice on the subject please contact us or download the free cookie audit tool!
