Following on from our previous blog last year regarding the EU announcement on cookie legislation, we have written part 2 on this subject as a guide for our customers and those who are interested. This guide sets out our suggestions for an appropriate response to the legislation and practical ways to keep your website compliant.
By way of background, 'cookies' are small text files that are stored by the browser (e.g. Internet Explorer or Chrome) on your computer or mobile phone. They allow websites to store such things as user preferences. You can think of cookies as providing a "memory" for the website, enabling it to recognise a user and respond appropriately. Cookies are used for various reasons, including site performance, analytics, geo-targeting, registration systems and third-party advertising. Most websites have web tracking for collecting information about visitors to the site.
The EU Cookie Directive stipulates that all cookies must be given "consent". Because the Google Analytics cookie is a first-party cookie, consent is needed only once. In other instances, where a third-party cookie is deployed, a new consent would be needed for each deployment, for example each time a user visited a site. Google has previously agreed with the EU that Google Analytics cookies would be limited to a 24-month lifespan. Prior to this, Google set anything up to and beyond a 30-year expiry on cookie files.
In early May 2011 the ICO issued guidelines on how to interpret the new EU Cookie Law. In the PDF document entitled "Changes to the rules on using cookies and similar technologies for storing information" they say: "An analytic cookie might not appear to be as intrusive as others that might track a user across multiple sites but you still need consent. One possible solution might be to place some text in the footer or header of the web page which is highlighted or which turns into a scrolling piece of text when you want to set a cookie on the user's device."
A recent survey by Moore Stephens Law Firm found that only 10% of technology companies were compliant. Read their article here.
Our quick suggestions to comply are as follows:
- Check which cookies your website uses. These could come from forms, registration components, advertisement placements and analytics
- Review what the main purposes of the cookies are, e.g. strictly necessary, performance related, functionality or targeting
- Communicate with third parties that you have relationships with, such as agencies, and ensure relevant staff are aware
- As part of your annual digital strategy review, include cookies in the discussion, as they could change with new developments
- Finally, you could just ignore it – but you do run the risk of being fined by the ICO.
For further information on the current legislation and how you can control cookies on your machine, visit either The Information Commissioner’s Office or Your Choices Online.