Read our latest news articles from the NXT Digital Solutions team.
by Richard Matthews Technical Director
Posted on June 07, 2012
Following on from our previous blog last year regarding the EU announcement on cookie legislation, we have written part 2 on this subject as a guide for our customers and those who are interested. This guide is our suggestions for an appropriate response to the legislation and practical ways to keep your website compliant.
As a background to the subject, 'Cookies' are small text files that are stored by the browser (e.g. Internet Explorer or Chrome) on your computer or mobile phone. They allow websites to store such things as user preferences. You can think of cookies as providing a "memory" for the website, enabling it to recognise a user and respond appropriately. Cookies are used for varying reasons, from site performance, analytics, geo-targeting, registration systems and third party advertising. Most websites have web tracking for collecting information about visitors to the site.
The most popular and widespread cookie usage will be associated with Google Analytics (GA) web tracking - which we use across all of our client websites. The Google Analytics tracking code is set by JavaScript and augmented by the proprietary GA tool. It sets four cookies automatically. Google Analytics sets a first party cookie.
The EU Cookie Directive stipulates that all cookies must be given "consent". Because Google Analytics is first party cookie consent is needed only once. In other instances where a third party cookie is deployed a new consent for each deployment would be needed. For example each time a user visited a site. Google has previously agreed with the EU that Google Analytics cookies would be limited to a 24 month lifespan. Prior to this Google set anything up to and beyond a 30 year expiry on cookie files.
In early May 2011 the ICO issued guidelines on how to interpret the new EU Cookie Law. In the PDF document entitled "Changes to the rules on using cookies and similar technologies for storing information" they say: "An analytic cookie might not appear to be as intrusive as others that might track a user across multiple sites but you still need consent. One possible solution might be to place some text in the footer or header of the web page which is highlighted or which turns into a scrolling piece of text when you want to set a cookie on the user's device."
A recent survey by Moore Stephens Law Firm found that only 10% of technology companies were compliant. Read their article here.
Our quick suggestions to comply are as follows: