Cookies are small files that are downloaded to a user’s computer by websites which monitor and report on a user’s activity. They may be as innocuous as a way of checking what browser the site is being viewed on or as intrusive as tracking a user’s surfing patterns across the web.
It’s these intrusive cookies that the EU wants to crack down on by introducing what’s being termed the “cookie law”.
1: What is it?
Officially known in the UK as the Privacy and Electronic Communications (EC Directive) Regulations 2011, the law seeks to protect the privacy of website users by preventing any information that could identify them from being stored on their computer and accessed by a third party without their express consent.
2: When did it come into effect?
The law came into effect on the 26th May 2011 but its enforcement was deferred for one year until 25th May 2012.
3: How will it affect web users?
From now on organisations will no longer be able to drop or read cookies that can track a user’s personal behaviour without their prior consent. This means that website visitors are expected to evaluate what cookies the site uses and then make an informed decision to accept or refuse them.
4: How will it affect website owners?
Most websites will use cookies in some way, and since a recent Econsultancy survey found that only 23% of web users would opt into cookies if given the choice, there is huge potential for impact on the web’s performance.
The law, though, does not refer to all cookies. Those that are required for the technical running of a website are allowed. But where is the line drawn? A transactional website that uses cookies to track what items a user has placed in her basket clearly cannot function effectively without that cookie being enabled, but as soon as the website owner starts to analyse a user’s shopping habits then that cookie has become intrusive.
Most site owners will do this completely innocently, of course, and with the desire to personalise and improve their visitors’ experience (as well as upsell and cross-sell products).
Anybody who uses online display ads to promote their business or organisation will be affected. This includes charities such as Oxfam or big online retailers such as Amazon. The law will not differentiate between them. Now web users will have to opt in to accept ads being displayed on a site they are visiting, which is very unlikely.
5: What if I don’t comply with the new legislation?
Cookie law in the UK is enforced by the Information Commissioner. The ICO has the power to impose fines of up to £500,000 on organisations that don’t comply with the law. Having said that, they are taking a pragmatic view and realise that site owners are still unsure of exactly where they stand with regard to the law. The ICO has hinted that they will overlook breaches of the regulations if the website owner is actively trying to comply with the law. This, however, is unlikely to be the case after the end of 2012.
6: What can I do about it?
Well, the first thing is, don’t ignore it. Don’t wait and see what other site owners do.
At IE we’re working with our clients to audit the cookies used on their sites. Once we know what they are and what they’re used for, we can judge how intrusive they are. Finally, we decide on an appropriate mechanism for gaining consent for cookies and make such amendments to the site as are necessary, with the least impact on user experience.
In Summary
• The cookie law has been created to protect web users’ online privacy
• It is being enforced from 25th May 2012
• The Information Commissioner has the power to impose fines of up to £500,000 for non-compliance
• The onus is on the visitor opting-in. Having all cookies enabled by default and offering a method to opt-out is not allowed
• Website owners must provide their visitors with details of the cookies that their site uses so that they can make an informed decision as to whether to accept cookies or not.
