Cookie Laws – What is going on?

Back in May, we wrote about the new Cookie laws. Firstly, a quick reminder: it is not actually a law specific to Cookies, it is a law on ePrivacy, and Cookies happen to fall under that heading.

On the 25th May 2012 the ePrivacy laws came into effect; that essentially meant that if your website set a cookie then you needed permission first. Penalties for failing to do this could be as much as a £500,000 fine.

PANIC, CONFUSION, PANIC… actually let’s just ignore it and see what happens…

I suspect that, after being bombarded by calls and emails, the ICO, who are tasked with implementing the law, decided that they potentially had a PR and operational nightmare on their hands: they were unsure of the “rules” themselves, so how on earth was a non-technical and legal person supposed to know what to do?

So what the ICO did, and quite rightly in our opinion, was to make a slight amendment to the regulation 48 hours before it was due to come into force. It is a minor but important change: “implied consent”. The responsibility has shifted from the website operator to the user. The Guardian paper did an interesting article on this in more detail.

What this also did was buy the ICO some more time. KPMG did a survey that showed that on 25th May only 5% of UK sites had complied with the regulations; there is more on that in an article which appeared in the Financial Times.

So what is the ICO position now on cookies?

Here are some bullet points that we have pulled together from the video:

  • Start the process
    • Do a Cookie audit
    • Be clear, honest and upfront with users
  • They are not going to be handing out fines, but are more likely to enforce compliance by sending a series of steps needed, which may or may not have a cost, depending on who implements the changes
  • It is EU law and the UK is first to implement it, but this will apply across the EU, so you might as well be ready
  • They have set up a reporting service so that the public can report sites that are not complying
  • Browsers may accommodate it in future software releases but it is still down to website owners

So what do we recommend?

Well, we recommend that for a full belts and braces solution you have the visitor confirm that they understand any cookies your site sets and are happy to receive them before they go any further into the site (this confirmation only needs to be done once, so if they come back they will not get asked again).

We have such a solution on our site, which you may have been presented with; you can also see how it works by clicking on the “Privacy Settings” tab in the bottom right of this page. We have implemented this solution for many of our clients and it is great value from £49.

We are 100% clear that doing nothing is not the right path to take.

So if you do not want to pay for a service similar to the one we provide what can you do yourself?

  1. Do an audit of your site – find out what Cookies it sets and prove that you understand what data you are capturing from visitors and that you know what happens to that data.
  2. Inform visitors – Put somewhere on your site (and not hidden in the deepest darkest depths of your site) information that tells them about what you have found in point 1.
  3. Choices – Tell your visitors how they can opt out of you setting a cookie. This could be by configuring the browser, or even giving them an option there and then to just leave your site!
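
One way to start the audit in point 1, as an added example that is not part of the original post: take the `Set-Cookie` headers captured while browsing the site and turn them into an inventory of who sets each cookie, how long it lives and which flags it carries. The host names, cookie values and the `auditCookies` helper are constructed for illustration, and the first-party check is a simple suffix match, not a public-suffix lookup.

```javascript
// Constructed sample: Set-Cookie headers captured while browsing the site
// (e.g. copied from browser dev tools). Every value here is invented.
const SITE_HOST = "www.example.com"; // assumption: the site being audited
const CAPTURED = [
  { from: "www.example.com", header: "PHPSESSID=abc123; Path=/; HttpOnly" },
  { from: "www.example.com", header: "_ga=GA1.2.111.222; Domain=.example.com; Max-Age=63072000; Path=/" },
  { from: "ads.tracker.test", header: "uid=9f8e7d; Domain=.tracker.test; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None" },
  { from: "www.example.com", header: "cookie_consent=yes; Max-Age=31536000; Path=/; Secure; SameSite=Lax" },
];

// Split one Set-Cookie header into the cookie name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1); // bare flags become true
  }
  return cookie;
}

// Build the inventory: one row per cookie, ready to publish in a cookie notice.
function auditCookies(captured, siteHost, now = new Date()) {
  return captured.map(({ from, header }) => {
    const { name, attrs } = parseSetCookie(header);
    const scope = typeof attrs.domain === "string" ? attrs.domain : from;
    const domain = scope.replace(/^\./, "").toLowerCase();
    // Simplification: first-party if the site host is the domain or a subdomain of it.
    const firstParty = siteHost === domain || siteHost.endsWith("." + domain);
    let days = null; // null = session cookie, removed when the browser closes
    if (attrs["max-age"] !== undefined) days = Number(attrs["max-age"]) / 86400; // Max-Age wins over Expires
    else if (attrs.expires) days = (new Date(attrs.expires) - now) / 86400000;
    return {
      name,
      party: firstParty ? "first" : "third",
      lifetime: days === null ? "session" : `persistent (${Math.round(days)} days)`,
      secure: attrs.secure === true,
      httpOnly: attrs.httponly === true,
    };
  });
}

console.table(auditCookies(CAPTURED, SITE_HOST));
```

Long-lived and third-party rows are the ones to explain first in the information you give visitors in point 2.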