There’s been a lot of panic around recently due to a change in the UK online cookie privacy law that became compulsory in May 2012. This has got a lot of people worried and confused as to whether their website complies with this new law. So what is all this cookie stuff about?
What's the beef?
In a nutshell, a new law now requires all websites to ask visitors for permission to store and access cookies on their computers.
There was an EU ePrivacy directive passed back in 2009 which in itself isn't a law, but from which each EU country is required to make its own enforceable laws. The UK brought its new cookie law into action in 2011 but gave a year's grace period which ended in May 2012, which is probably why you've recently noticed more messages on various websites asking you to accept cookies onto your machine. Prior to this, websites were allowed to automatically place cookies on your computer as long as your browser preferences were set to accept them.
What the hell is a cookie anyway?
A cookie is a small file that allows information to be sent back and forth between a website and a user’s browser so that websites work more smoothly and the user gets a better, uninterrupted web experience. This can contain information that helps with things like remembering login passwords so that you are automatically logged in next time you visit a site. Other uses of cookies are storing a user's preferences, Google Analytics details, access/authentication, identification of a session, remembering shopping cart contents, etc.
Your cookies can also pass on information from one site that you visit to another. For example, if you are logged into a social network like Facebook and you visit a news website, your browser will realise you are logged into Facebook and allow you to share a news story with your Facebook friends directly from the news site without asking you to log in again.
This same method can be used for targeted advertising, which allows websites to see what sort of sites you have been visiting previously and tailor the adverts displayed to you according to what you are interested in.
What's this new law trying to achieve?
The principal purpose of this law is to protect privacy even when the information collected via a cookie is not necessarily personally identifiable. The issue around consent is about transparency and helping the user know what information is being collected and by whom.
What does the law say?
Regulations already existed dating back to 2003 which stated that you had an obligation to tell users how your site uses any cookies and give them information on how they can opt out if they objected. This was usually contained within a privacy policy page typically placed in the footer of a website.
However, as of 26 May 2011* new regulations state that:
1) All websites must provide clear and comprehensive information about the purposes of the storage of, or access to, information via any cookies they are using; and
2) Website owners must obtain consent to store a cookie on a user's or subscriber's device when they visit a website.
Essentially the law is very similar to the 2003 regulation, with the main difference being that whereas previously you just had to provide an option to opt out, the new law now requires every visitor to a website to actively ‘consent’ i.e. opt in or opt out of cookies being set for their web session.
It is this active step of flagging up a message or a pop-up box that has got the web industry annoyed, as it is disruptive to the user's experience on most websites they will visit. Considering that 92% of websites use cookies to varying degrees, you can see why developers might feel this is annoying, but the fact is that this is the law now and unless they are going to stop using cookies then they will need to comply or ignore the law.
* The regulations were enacted in May 2011; however, a year’s grace was granted for implementation, meaning the deadline for compliance was 26 May 2012.
What could this mean for you?
Generally we would say that there is no great cause for panic for many B2B websites like those of our clients, as they tend not to rely on cookies much beyond analytics use. It is something that should be implemented into your site alongside any other updates you are performing. Most sites can be amended quite simply to display a message asking for permission to store cookies, with a simple accept or refuse button for customers to click on.
If your site is selling anything or storing details of users then you should definitely be looking to comply as a matter of urgency, as the ICO (Information Commissioner's Office) has the power to fine up to £500,000 (though there is suggestion that this would only be for when serious fraud has been committed causing substantial damage or loss to the user).
So, simple isn't it?
We've tried to give you the edited version and keep it fairly simple and in layman's terms here. Obviously there is a lot of information surrounding anything like this, and the ICO is the official body responsible for handling this new regulation. They have prepared a PDF containing the full details regarding the cookie law and this can be downloaded here.
There is also a FAQs video presented by Dave Evans from the ICO explaining what companies should be doing in order to comply with the new regulations, which you can view here.
As a final note, if any of our Lamb clients out there are reading this and want to discuss any potential changes that may need to be implemented on their website then please contact Carl on 020 7247 2233.