You may be aware that on 25th May last year the EU brought into effect a new Cookie Directive; UK companies have until the 26th May 2012 to comply – a day now known as next Saturday. So, what is this likely to mean for you and your website?
What’s the new Cookie Law say?
Of course, the new law isn’t anywhere near as simple as that. This article aims to give you a basic idea of what’s going on and where you stand. Ultimately though, it’s going to affect everyone differently, so you’ll need to take whatever further steps are required to reassure yourself your business is covered.
What are Cookies again?
Cookies are small text files that are saved to the visitor’s computer when they visit a website. They allow the site to recognise that visitor and track them. The data they contain might just be a code used to recognise that person, or they might contain a lot more.
The good news is that cookies which are deemed “strictly necessary” for a service requested by the visitor are allowed. This should include login and shopping cart cookies, provided that the information held by the cookie is only what that function requires. You couldn’t use the visitor’s login as an excuse to use analytics cookies – unless they have given informed consent.
What’s going to happen?
So, if your site fails to comply with the new Directive on 26th May will you have EU Cookie Stormtroopers breaking down your door? The answer seems to be a confident “No”, and not just because EU Cookie Stormtroopers don’t work weekends.
The government body behind the UK implementation of the law, the ICO (Information Commissioners Office), have given some guidance on how they will enforce the new Directive. In fact, it turns out they don’t even employ stormtroopers, just a team of investigators. While the 50 largest and most prominent UK websites will be getting a letter about compliance, most businesses will not.
Active ICO investigations will initially be driven by multiple user complaints about a site. Also, the ICO may target specific sectors where they feel their investigations will most benefit internet users’ privacy. Investigations will apparently be focused on getting businesses to improve their compliance rather than punishing failure; more serious action will only take place where businesses refuse to move towards compliance. It is likely that one of their first tasks will be getting UK government websites to comply, as the majority currently don’t.
So what should I do?
Given all of the above, the main point to take away from this is don’t panic; you don’t have to be 100% compliant by the end of the week. You should assess your situation soon and start moving towards compliance.
Investigate your Site
If your site was created by a web designer you might be able to find out more from them, but they may well charge for this; if they perform a proper audit of your site to check for cookie use this could take significant time, and very few developers have their cookies documented as well as the WordPress team.
Alternatively, you can use your browser to check your site for cookies yourself. If you use the Firefox browser, in Options under the Privacy tab there is a “Remove individual cookies” link (on the Mac it is in Preferences and is a Show Cookies button instead). Others browsers should have similar facilities. This will show you which cookies you have from your site, although it might not be clear what they’re used for. Make sure you perform a full range of appropriate actions on your site (click links – especially social networking ones, log in, use your shopping cart, etc.) to find cookies that are triggered in specific circumstances.
Make a Plan
Once you have an idea what cookies you use you can begin to decide what action to take. The good news is you’ve already shown yourself to be moving towards compliancy and once the Directive takes full force in the UK we should get more feedback on what is good practice to follow.
I’ll return to this topic in the near future with updates and look at some of the options available to bring your site into compliance.
N.B. This article does not constitute legal advice of any kind and it is your responsibility to ensure you understand this legislation and how it affects you and your site. You might want to visit eucookiedirective.com for more information.