Complying with the new Cookie Law
The EU Cookie Law began with the 2009 amendment of the EU’s Privacy and Electronic Communications (e-Privacy) Directive, which stated that website owners can no longer implant cookies on their users’ computers without first getting permission. In short, the EU is trying to require brands to be more open and transparent with their customers’ data.
This directive, in the form of new UK regulations, will come into force shortly, on 26th May 2012, and the Information Commissioner’s Office (ICO) has stipulated that all UK websites will require the full consent of the end user in order to continue using cookies.
Although it is not yet clear how heavy-handed the ICO will be in enforcing compliance, it is likely that making no attempt to meet the new requirements could result in hefty fines. The ICO is also likely to focus its attention on ‘persistent’ cookies, i.e. those that remain on a user’s computer after a session has ended and remember the user when they return.
Website owners should carry out an audit of their online properties to see what cookies are being stored, how intrusive they are and to understand what they are being used for. Where you feel consent is necessary, study official websites such as the BBC’s cookies policy to see how they deal with various types of cookies and consider how clear you need to be in communicating the opportunities for users to consent to the use of cookies. It is also worth reviewing Econsultancy’s advice as to how they have approached compliance with the cookie law.
It is likely to take a couple of years before accepted best practice becomes clear. However, it does seem likely that, due to the practical constraints involved, a ‘tick box’ solution to opt-in will prove too tricky for businesses to implement. For the time being, businesses should ensure that their privacy policies are updated to deal adequately with the cookie law and are displayed in a prominent enough manner.