On May 26th the EU Cookie law will come into force. Websites that don’t comply could face a fine of up to £500,000. You may think that as a small business owner this law is not going to apply to you – this is not the case. At the very least, you need to understand what cookies your website uses and make sure that you inform your visitors.
What are Cookies?
Cookies are small text files which websites place on visitors’ computers. Websites use cookies to learn more about the visitor. Some websites may use cookies to remember what you last looked at and make recommendations for you. As a small business owner, you will more than likely use cookies to check how visitors use your site using tools like Google Analytics.
What is the EU Cookie Law?
The EU Cookie law came in last year, but the Information Commissioner’s Office gave websites a year to implement it. The law requires websites to get permission from visitors before placing cookies on their computer. You should ask visitors outright if you can put cookies on their computer and explain clearly what the cookies are used for. You can’t bury the information in your website’s terms and conditions.
Implementing the Law
This law is not going away and it will be necessary to make changes to your website to work towards implementing the law. You should work towards having a opt-in box for people to tick to allow you to put cookies on their computer.
What Should You Do Now?
The Information Commissioner’s Office has suggested that the most important thing is to take steps to moving towards full compliance. You should understand what cookies your website uses and create a plan to implement an opt-in.
In the Guidance on the New Cookies Regulations document available on the Information Commissioners website, it is stated
“In practice we would expect you to provide clear information to users about analytical cookies and take what steps you can to seek their agreement. This is likely to involve making the argument to show users why these cookies are useful. Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.”
Use Attacat Cooke Audit Tool to find out what cookies your site is using. You will then need to work out how to make sure cookies are only set once people have given their permission. At the very least make sure you know which cookies your site is using and be open and honest about it. Make sure you clearly tell your visitors what cookies are on your site and what you are using them for. Create a clear cookie policy (separate from your privacy or terms and conditions policies).
I would suggest you contact your website designer to see what they suggest you do about this new law. I would love to know your thoughts.
Find out more information at https://www.itdonut.co.uk/sites/default/files/ITD_Cookies_4D_0.pdf
Update to the Cookie Law 25th May 2012
The ICO have released revised guidelines which states that “Implied consent is a valid form of consent”. So long as your visitors know which cookies are being used, if they continue to use the site, they have given consent. For example, there is a video on the ICO website with the text “NB: playing YouTube video sets a cookie – more info.)” If I now go ahead and play the video, I have given consent for the cookie to be downloaded to my computer. This is an important change which will make it easier for websites to comply. What do you think?