The EU Cookie Law has been around since 26th May 2011, and we are still getting clients asking us to explain how if affects them, which is perfectly understandable. Fortunately, more recently this has become easier for us to explain, as a result of the Information Commissioner’s Office (ICO) numerous updates to how they will enforce the law, we are finally seeing agreement between website developers and the ICO on a plausible solution.
Introduction to the EU Cookie Law
The Cookie Law itself has been a masterclass in red tape and bureaucracy by the European Commission’s; Article 29 Working Party, not only has it caused confusion, but also unnecessary panic.
What is a cookie?
Basic version: A cookie is a file sent from a website to your browser (e.g. Firefox) and is stored on your computer, this file is sent back to the website every time you visit.
Technical version: A cookie is a text file that works as an identifier which is a string of letters and numbers, this file is sent by a web server to a web browser and then stored by the browser. The identifier is then sent back to the server each time the browser requests a web page from the server.
What do they do?
Cookies are used by web servers to identity, and track users as they navigate a website, they also identify returning users. There are two types of cookie, persistent cookies and session cookies.
Persistent cookie; will be stored by the browser and remain valid until its set expiry date (unless deleted by the user before the expiry date).
Session cookie; will expire at the end of the user session, or when the web browser is closed.
The Cookie Law
The Cookie Law is aimed at protecting privacy, and as a result requires websites to notify their visitors that information is being stored and retrieved from their computer or mobile device.
The belief is that by making consumers aware of how information about them is being collected, and then enabling them to choose whether they want to allow that exchange of information, protects their privacy online.
Compliance with the law
Who has to comply?
Any website that uses cookies, and is based in the EU, or targeted towards EU citizens, is expected to comply. Meaning they must get consent from their visitors.
How to comply
First of all you need to find out if your website uses cookies. To find out either ask you web design agency or use cookie-checker.com to scan your site for free.
Your website doesn’t use cookies: You don’t need to do anything, you already comply with the law.
Your website does use cookies: First of all you should check if the cookies being used are necessary, and remove any that aren’t. You will then need to add a method gaining consent, we highly recommend using an implied consent method.
Types of Consent
There are two methods to gain consent; obtained consent and implied consent.
Obtained consent uses methods that force the visitor to either agree or disagree with cookie. Either when the visitor lands on any web page or before the visitor can see any content. This is very unpopular and is now widely understood as over-the-top.
Implied consent due to an exponential rise in complaints, implied consent is the most popular method. It does not interfere with the visitors experience, as it presumes the visitor accepts the use of cookies. This can be done either through a banner, a cookie policy page, or any form of notice, it just needs to clear and easy to find.
What if I my website doesn’t comply?
The ICO is keen to avoid prosecution, they tend to advise on compliance before prosecution. In the majority of cases the ICO will only look into websites that have been reported.
In the first instance the ICO are most likely to contact you with guidance on how to comply. If you do not act on their advice in a reasonable time then it is quite likely they will prosecute.
Conclusion
If you website uses cookies then we highly recommend that you add a method of implied consent to conform with the EU Cookie Law, preferably a cookie policy page, as it does not interfere with your visitors experience, it also adheres to the ICO guidelines.
If you would like a more in depth guide the Cookie Law, please visit the Information Commissioner’s Office website.