Cookies and the new EU Cookie Law


From 26 May, UK websites are required by law to comply with the EU “Cookie Law”, which means that website owners must advise visitors that they are using cookies and must gain the consent of each visitor before serving them web cookies.

The new policy was actually passed on 26th May 2011 but it didn’t seem to launch due to lack of uptake from webmasters. The ICO agreed a one-year grace period, meaning the new cookie law will officially be enforced from May 26th 2012.

So action will now need to be taken, but the problem is that most people don’t really understand what cookies are, let alone how they can comply with the new law. Below is our guide to cookies, how they are used and how to comply with the new Cookie Law.

WHAT ARE COOKIES?

A cookie, also known as a Web Cookie or Browser Cookie, is a simple text file that gets downloaded onto your PC when you visit a website. Cookies are not programs and they don’t actually do anything. They generally contain two bits of information: a site name and a unique user ID.

HOW DO COOKIES WORK?

A website that uses cookies will download one onto your PC when you first visit. The next time you visit that site, your PC will check to see if you have a saved cookie from that site and send the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before, and will automatically load the information previously sent to the cookie. For example, you’ll probably use some sites that automatically load your email address/username and password onto their login screen so you don’t have to type it in every time; this information was stored in the cookie and is sent to the website every time you visit it.

WHAT IS THE NEW COOKIE LAW?

The “Cookie Law” comes from the EU Privacy and Electronic Communications Directive, which took place in November 2009. It aims to safeguard privacy online and protect web users from unwanted marketing. It basically breaks down into the following three rules:

  • If you are using cookies on your website, you need to let every visitor know that when they come to your site.
  • You need to let them know what type of cookies you are using on your website.
  • You have to gain consent from the visitor for you to use cookies, and they need to have the option to opt out if they do not consent.

DO I NEED TO COMPLY WITH THE NEW LAW?

The new cookie law applies to all member states of the European Union, so any site based in the UK that uses cookies will need to comply. Websites outside of the EU must also comply if they are targeting people within member states. For example, a US-based site selling to UK customers will need to comply.

HOW DO I MAKE MY SITE COMPLY WITH THE NEW COOKIE LAW?

Basically your site must gain the consent of your visitors for placing cookies on their computers. It is not made clear exactly how you should do this, but there must be some form of communication involved whereby the visitor knowingly consents to cookies being used.

Your webmaster should be able to help you with the best way to implement this on your site. You could have a pop up, but most browsers now block pop ups by default. Alternatively, you could have a box that appears at the top of your site which people have to click on and agree to the new privacy policy to make it go away, or a notice at the top of your site to say that you are tracking cookies, maybe with a link to a page which explains more about cookies and the new privacy policy.
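To show what your webmaster would actually be building, here is an added example (not code from this guide or from any official guidance) of the server-side decision behind such a notice: the unique user ID cookie is only issued, and only read, once the visitor has clicked to agree, and opting out expires what was stored. The cookie names `cookie_consent` and `visitor_id` and the sample ID `u-123` are assumptions made up for the illustration.

```javascript
// Added example; the cookie names below are assumptions, not from the article.
const CONSENT_COOKIE = "cookie_consent";
const VISITOR_COOKIE = "visitor_id";
const ONE_YEAR = 60 * 60 * 24 * 365; // seconds

// Parse a request "Cookie:" header ("a=1; b=2") into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue; // empty fragment or missing name
    const name = part.slice(0, eq).trim();
    if (name && !jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Decide what one response may do. `action` is "accept", "decline" or
// undefined (the visitor has not clicked the notice); `newId` is the unique
// user ID the site would assign to a new visitor.
function handleVisit(cookieHeader, action, newId) {
  const jar = parseCookieHeader(cookieHeader);
  const setCookies = [];
  let consented = jar.get(CONSENT_COOKIE) === "yes";

  if (action === "accept") {
    consented = true;
    setCookies.push(`${CONSENT_COOKIE}=yes; Path=/; Max-Age=${ONE_YEAR}; SameSite=Lax`);
  } else if (action === "decline") {
    consented = false;
    // Opt-out: expire whatever this site stored earlier.
    for (const name of [CONSENT_COOKIE, VISITOR_COOKIE]) {
      if (jar.has(name)) setCookies.push(`${name}=; Path=/; Max-Age=0`);
    }
  }
  // The ID cookie is only issued, and only read, once consent exists.
  if (consented && !jar.has(VISITOR_COOKIE)) {
    setCookies.push(`${VISITOR_COOKIE}=${newId}; Path=/; Max-Age=${ONE_YEAR}; HttpOnly; SameSite=Lax`);
  }
  const visitorId = consented ? jar.get(VISITOR_COOKIE) || newId : null;
  return { showNotice: !consented, setCookies, visitorId };
}

// Constructed sample requests: first visit, then the visitor clicks "accept".
console.log(handleVisit("", undefined, "u-123"));
console.log(handleVisit("", "accept", "u-123"));
```

Each string in `setCookies` is the value of one `Set-Cookie` response header; an empty list means the visit leaves nothing on the visitor's PC.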

WHAT HAPPENS IF MY SITE DOES NOT COMPLY?

The UK Regulations carry a maximum fine of £500,000 for serious breaches. The ICO will be concerned with the impact of the breach of the new cookie law on the privacy of website users. Initially companies will be sent information notices or enforcement notices with fines for further non-compliance.

Further information can be found at About Cookies.