EU Cookie Law Deadline, May 26th 2012

Update: May 26th 2012: The ICO changed the requirements at the very last minute stating it is OK to assume consent for cookies, but a clear link to instructions on how to remove or block cookies needs to be shown. This means you no longer have to block cookies and ask to allow them (which is great news!), but you do have to make it clear you use cookies and inform the user how to remove or block them. We recommend using an unintrusive pop up at the bottom of the website not to lower the user experience of the website.

The Directive

The EU Cookie Law deadline of May 26th is approaching by which time all websites need to confirm to the EU Cookie Law directive.

What are cookies?

A cookie is a small file stored on a users computer by the browser when they visit a website that leaves cookies. The browser can read a users cookies and send information back to websites that a user visits. Cookies are primarily a mechanism for websites to remember things that a browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago. Cookies can also be used to track users browsing patterns, such as those left by Google Analytics that all our customer websites have.

You can read more information here

So what’s the issue with cookies?

It’s possible that cookies can be used on commercial websites to target advertising at users based on browser and internet patterns and history. It is possible this has privacy implications and so the Information Commissioners Office (ICO has created a policy to prevent this happening.

What does the policy require?

Although cookies can be turned off by a user on a per browser basis, due to said privacy concerns, the ICO has decided a user must opt in to receive cookies rather than opt out. The EU cookie law which comes into force on May 26th 2012, requires websites to gain consent from visitors to store or receive any information on a computer or any other web connected devices (e.g. smartphone or tablet). The cookie law has been designed to protect online privacy of customers by making them aware, and giving them a choice, about the amount of information collected by websites. After May 26th 2012 if a business is not compliant, or is not visibly working towards compliance, it will run the risk of enforcement action and a possible fine of up to £500,000.

What are the implications?

In order to comply, when a user visits your website they should be presented with an option to accept cookies before any cookies are left on their machine. The cookies need to be explained in a clear Privacy Policy. Google Analytics requires cookies so this will stop collecting data until a user accepts the cookies. Any cookie required for the website to function (i.e. shopping basket, login forms) are exempt and are OK to be created.

What do I need to do?

Most content management systems, including the systems we provide to our customers, leave cookies on a users machine. In theory, these cookies need to be prevented from being created until a user agrees to accept cookies.

Your web developer will need to make some changes to your website code to prevent the cookies being created and, if you need cookies, add in an option for the user to accept cookies (an unobtrusive pop up box is common). If this is not implemented, then you need to be able to show you are actively working toward implementing it.

In addition to this a clear Privacy Policy needs top be created to explain what data and cookies the website collects, and what the website owner does with the data.

What has Amity implemented?

We have disabled all cookies our website except Google Analytics. We believe Google Analytics to be an essential service for the operation and function of our website and therefore exempt (note this is our opinion and not those of the ICO). Why? Because we use Google Analytics to ensure our website is performing well, functioning properly, and stays competitive. It allows us to continuously improve these aspects which in turn allow us to provide our products and services to a level customers expect.

We have also implemented a Privacy Policy that clearly defines our use of cookies and other data we collect.

If you need any help implementing these actions please contact us for more information.