Getting ready for the EU cookie law
In our industry – like in many – sometimes we get affected by legislation within our industry.
There is a law coming into enforcement at the end of this month – on the 26th May – which is called “The EU Cookie Directive”. It’s been on the cards for the last year, but the actual deadline is now looming.
It applies to websites in the EU, and it’s all about protecting people’s privacy. The law is about letting people know when there are “cookies” on a website – bits of code that let the website know information about its users. So, users on websites need to know about the cookies on a website and “opt-in” to allow them to work. Because “cookies” on websites mean that websites collect data from users, it’s important for privacy laws to alert clients so they can consciously opt into having cookies.
Cookies are used for lots of things. For example, when we login into our Google account we need to have cookies enabled. When we comment on a blog, for the site to remember our little avatar picture from the previous blogs we have commented on, it needs cookies.
Unfortunately, disabling cookies on a website will disable some of the nicer functions which do use cookies – like Google Analytics and social sharing plugins. To comply fully with this new law you will have to interrupt visitors, asking their permission (through the use of annoying pop-ups) to use cookies on your site. This can potentially mean that your website users won’t experience the full potential and effect of your website.
You can learn more about this on the official ICO Website and also download this PDF on the “Guidance on the rules on the use of cookies and similar technologies”.
These are some of the things affected by cookies on a website:
- If your website uses Google Analytics, this requires cookies for it to work (even though the information collected is anonymous). If a website has no cookies running, it means that Google Analytics won’t work. We recommend that to comply, you explain to your site visitors that the site is collecting details about things like their browser type, what PC they are on, and where in the world they are.
- If your site has any behavioural advertising that tracks users and builds a profile over time, this is prohibited by the EU without prior consent.
- If your site uses anti-spam filtering it can use a cookie in the browsers using Javascript. This stops spam bots submitting blank forms.
- Some social media plugins, such as the Facebook “like” button use cookies.
- If your site has an e-commerce facility, you will be asking people to fill out their personal information and need to explain that cookies are used in this process too.
There is no need to be worried about this as we have a few different things that we can help you with.
We’re hoping that soon there will be exceptions or updates on this law, but until then we wanted to offer our support in helping our clients to try and comply – by making some changes in their site to alert visitors that their site uses cookies.
Here are the steps we recommend you take:
The first thing we recommend doing is updating the privacy policy on your site to include information on cookies, and if you don’t have a privacy policy on your site, now is a good time to add one. We can recommend people who will help you write this up, making sure that all the information you need is included in your privacy statement.
Once this is done you can just wait and see what happens. We’ll keep on top of what’s happening and see how others are reacting to the new law and will keep you updated on any changes that may potentially happen. We’ll also watch what the larger firms out there are doing because if anything they will be the ones that will need to stick to this if the Government insists on keeping the law in place.
For any current/recent projects, we will be discussing this with you and the ways in which we can incorporate this into your site.
What some of the big boys are doing:
At the moment we’re keeping a close eye on what some of the bigger, high profile companies are doing when it comes to complying with the law, giving us a better idea of how we should be dealing with it. Here is a list of some of the sites we’ve been looking at:
- ITV has a small disclaimer in their footer
- Amazon is using a separate page to explain about cookies
- Virgin Media has decided to ignore the law altogether!
Still not sure?
If you are still a little worried about this there are some further steps you can take to make sure you are complying with the law, and we can help you out with this! Here is what we can do.
- We would conduct a “cookie audit” on your site so we can confirm which of the above cookies are in use on your site
- You would then need to update your privacy policies. One of our contacts, Off to see my lawyer (www.offtoseemylawyer.com ) has ‘oven ready’ templates including cookie compliant Privacy Policies on special offer at £64 +VAT instead of £80 +VAT. You would enter the code ‘Cookie12’ at the check- out. They come with 30 minutes of free advice and easy to use guidance notes.
- We will then integrate the new disclaimers/privacy policies and pop-ups as per the recommendations for your cookies. The recommendation is to have an obvious popup that shows a clear message that the website uses cookies, what they are, and asks the user to click to allow these cookies. For these, there are many options and we would mockup how this would look on your site and get your approval before implementing them.
If you already have maintenance time we use we can do this using some of this time – we estimate an average of 1-3 hours of work per site. We would be able to give you a more definitive quote on a case by case basis.
In our experience, this thing isn’t something that is heavily policed, but we are happy to help out – just let us know if you would like us to do a cookie audit and go through options for you.
Comments
Alan Ogden
In truth what you have to realise is that this cookie law has been in place for the last 12-18 months, it’s not new. The issue about ‘tracking’ cookies is something that is meant to prevent unauthorised 3rd party cookies (advertising etc) ‘tracking’ you to other websites. It does NOT cover things like Google Analytics despite what the documentation suggests.
The actual cookie law is so ambiguous that no company can properly adhere to the ‘law’ without severely damaging or hindering their site(s). Look at the UK Government; their sites are not yet compliant.
My advice is to wait for further clarification before coding in explicit ‘opt-in’ policies for ALL cookies. Whilst it’s nice to be compliant, it’s also nice to be compliant to a workable ‘law’. Virtually every site falls foul of this law. They’d have to sue everyone, and who are ‘they’ exactly? This is the net neutral, country agnostic internet. Good luck.
Carl Potts
As a web designer I’m slightly concerned about the consequences of this legislation