Partner Article

Friendly advice on the EU Cookie Law

Firstly – this is just our general advice and thoughts. It does not constitute legal or financial advice – if you are in any doubt please contact a fully qualified Internet legal professional.

What is a Cookie?

A Cookie is a small text file saved by a website browser. It is used to save information about a user – in simple terms to ‘remember’ you in your visit to a site, or a repeat visit. Without cookies there would be no logging in, shopping baskets and basically anything we now take for granted on the Internet.

Believe us? Try disabling cookies on your website browser, then us a site such as Facebook or Amazon.co.uk. Rubbish eh?

What is the new law?

The new law states that for certain types of cookie, websites must give the end user a choice of whether to accept cookies or not on the first page. If they don’t, then they will either have a lesser user experience, or in some cases be redirected to a neutral website i.e. Google. The law comes into effect May 26th 2012, having already been put on hold for 12 months since it was announced.

Why has it been put forward?

Cookies have had a bad press since we can remember starting up in 1999. They have been blamed for user privacy breaches and malpractice ever since – but like most things, Cookies aren’t evil, but they can be used for evil purposes.

Example: I visit a website on surfboards. The surfboard website employs a cookie to set that I like surfboards. I then visit a second website which serves amongst its content advertising. This website reads the cookie from the first website and starts showing me surfboard adverts, as it think I’m interested in them.

Now this example is pretty extreme – cross-site cookies (those that can be accessed by many sites) are only set by advertisers, trackers and other systems explicitly designed to do so. Your cookie to save a log-in session cannot be read by any other site than yours.

What solutions are available?

There are two options in practice so far:

Have a pop-up box saying “Do you accept cookies – yes or no” when a user enters the site. EG http://www.bt.com/
Have a warning message on entry in a prominent part of the site asking for permission. EG http://www.ico.gov.uk/

Why are these methods that bad for my business?

We spend so much time as business owners creating great sites and getting everything set up to woo and attract visitors. The last thing they want is a pop-up or in-your-face message, scaring them off with unfriendly terms and actions. It spoils the design, user experience and intimidates to vast majority of site users who think a cookie is a tasty biscuit, not something to be wary of.

Why can’t it just be part of my terms and conditions?

“By visiting this site you give explicit permission to accept cookies” would be nice, but for some reason this needs to be in the customer’s face. The new law states that you need to get explicit permission, and also the obvious fact that to visit a site’s terms and conditions they would have already clicked through and had a cookie placed whether they like it or not.

Do I need to do it? Harris CMS customers?

Now here’s the good part. The law states that any cookie set which is just for the operation of the website does not need permission. So logging in, adding to basket, saving product details for personalisation is fine. This covers all of the functions with Harris CMS both from a customer angle, and from those using the CMS.

Third Parties – Google Analytics

Now here’s the bad part. If you chose to use your own or any third party systems for monitoring and tracking, yes you do need permission. Top of the shop is Google Analytics – a popular web tracking and analysis system, although there are other systems our clients like us to integrate with which fit into this including affiliate marketing.

As an aside – Google has yet to publically issue a policy about this. Strange I know as the use of Google Analytics is the biggest query so far in all of this. When we find out more we’ll let you know.

What happens if I don’t do it?

The law promises fines of all sorts of levels up to £500,000 for non-compliance. The body however has never issued a fine in its 20-odd year existence, so it is up for debate what will happen. They are intimating they want to see steps being made towards compliance in any case, but that is as clear as mud.

We can help out with advice – it can range from stopping the use of third party systems, to adding the pop-up code & technology, to doing an audit and seeing what you use at present.

What should I look out for?

The ICO aren’t going to chase down every website, yet they will respond to complaints. Who will make complaints?

We anticipate there will be companies contacting website owners telling them their website is “illegal” and offering to sell them all sorts of commercial solutions. Some may be good and proper companies offering a value-based service, however the history of marketing on the Internet, especially by email, is cloudy to say the least.

Finally – what should I do?

We can’t tell you want to do – you can choose to do nothing, or do something. If you would like some help and advice please contact us, or contact an experienced Internet lawyer. We can add in the necessary code in as friendly a way as possible if you wish.

Google is often your friend; however use it with caution on this subject.

References

http://www.ico.gov.uk/

http://www.aboutcookies.org/Default.aspx?page=3

This was posted in Bdaily's Members' News section by Colin Harris .