So tomorrow marks D-Day for compliance with the new EU legislation on the use of cookies and most owners of websites, designers and anyone else who is bothered has generally been left a little confused with what has to be done (and why it’s all kicking in on a weekend)!
So the first question is what the hell is it? Against popular belief it’s not in anyway related to Sesame Street but refers to a new piece of privacy legislation that requires websites to gain consent from visitors to store or retrieve information on a computer or mobile device such as a smartphone. The simple aim being that users are given information about how personal data is used by websites and are consequently given the choice to protect their online privacy.
Back on 26 May 2011 an EU Directive – the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 – were adopted. The law is in place and has been for 12 months but the UK’s Information Commissioner’s Office (ICO) gave us all one year to get our houses in order and hence the 26 May 2012 ‘go live’ date.
So, as the clocks strike 12 tonight we should all be compliant – yikes! Now in reality we shouldn’t all completely panic but nor should we cover our ears, sing loudly and pretend we didn’t know about it – if you’ve not done anything yet or spoken to clients about this you should do so. There is an implication in the law that if you (as an agency) have helped a client in the design and build of a website you should help them in the compliance process e.g. by updating privacy content or allowing them to add a page to the site to state their stance on their use of cookies.
Don’t feel you can just shove any old copy on a website either – you need to find out what cookies are running on your site to ensure you understand what they do on a website. Many cookies are part of the basic operation of a site but others can pass on information to third parties and it is the latter that are the particularly onerous ones in light of the new law. It is these latter tags that ping up things such as behavioural advertising on sites you are looking at and from 26 May website owners may need to seek a users permission to use such cookies.
The ‘life’ of a cookie in use is also an issue – some delete themselves when you leave a website whilst others can hang around for months, years or in perpetuity which is something the law is particularly conscious of.
For many of us in the corporate world it is most probable that implied consent is fine – if you have no advertising on your site and you have cookies in place for site functionality such as Google Analytics or Facebook ‘like’ buttons then you are probably compliant as long as you clearly display details within your privacy page or create a ‘use of cookies’ page on your site (in an obvious place e.g. a global site footer).
If your site is loaded with third party advertising and other third party content it is best an ‘opt-in’ option is given on the homepage – it is also important that you keep up to date with any changes to third party content as any changes in cookie content needs to be updated in your disclosure.
So the bottom line – if in doubt then seek help but don’t keep your head down – whilst it is our view that the chances of a ‘cookie raid’ at 12.01 am on 26 May is unlikely the law is operative and action should be taken…good luck.
