Cookie Legislation – what’s the deal?

June 18, 2012

In May 2011, a new EU directive issued by the Information Commissioner’s Office (ICO) came into effect that requires website owners to inform their visitors about the Cookies their site uses.

In May 2011, a new EU directive issued by the Information Commissioner’s Office (ICO) came into effect that requires website owners to inform their visitors about the Cookies their site uses.

One year later and as of May 26^th 2012, the law is now fully in effect and examples of companies and their spin on compliance are starting to appear.

The Law

The new law states that for certain types of Cookie, websites must give the end user a choice whether to accept their use or not.  If they disable Cookies, their user experience will be affected a great deal for some websites and other services such as website tracking will cease to work.

Although the terms of the law are currently vague, and there is a lot of debate about which Cookie’s are essential for your website to operate (essential Cookies do not require consent), it is deemed that as long as you are making an effort to inform your end-users about the Cookie’s that are being used on your site and obtaining consent to use them, that should be sufficient to show you are making steps towards compliance.

What’s a cookie?

A Cookie is a small text file saved by your browser that is used to store information that can be used on subsequent visits.

Cookies are used by almost all websites for a variety of purposes including:

• Website analytics
• Personalise websites and user preferences
• Shopping carts
• Targeted advertising

Without Cookie’s, you wouldn’t be able to do simple things like log on to a website, use an ecommerce shopping cart or most other things you take for granted while browsing the web.

So, what do I need to do?

The ICO has recommended three steps towards compliancy:

• Perform a cookie audit to establish what cookies are used on your site
• Assess how intrusive these cookies are
• Where consent is needed, decide what method to obtain it is best in your circumstances

Obtaining consent for Cookies to be used can be achieved in a number of ways depending on what Cookies are used.  A number of high profile websites such as the BBC, Financial Times and Channel 4 have demonstrated different ways of obtaining consent, most it would seem are operating a simple banner advising of cookie use and the steps required to disable cookie’s if that is what is wanted.

That is a similar method adopted by Spinbox Media – an overlay appears unobtrusively in the bottom right of your screen advising of cookie use and respectively, where to find information about cookies and how to disable them, if required.

What happens if I do not comply?

The maximum penalty for non-compliance is £500,000 for a serious breach.  The ICO have made it clear however that the top penalty has been reserved for serious offenders of the law.

The ICO have made available a system for the public to report concerns about websites they feel use cookies unlawfully by way of an online form.

Spinbox advice

Our advice is as follows:

• Perform a cookie audit on your website to establish what cookies are used
• Create a cookie-policy page that outlines what a cookie is what cookies your site uses, and how to disable them if required
• Provide a link to that page in a prominent place

If you want to comply with the new law, please call Spinbox Media today on 0845 094 2341 or email contact@spinboxmedia.co.uk.

An example of how we will be complying with the law can be seen here.