With new EU legislation being enforced on the 26th of May, companies are now being forced to obtain the permission of users before using cookies.
Until recently this law was endorsed by the UK’s information commissioner (ICO) and was to be enforced fully in the UK.
However, just a day before the law was to come into force the ICO changed its view on how it will be applied in the UK. Previously they said that only explicit consent by the user would be sufficient. However, now the ICO says that implicit consent is now acceptable and that purely by using your website users are consenting to cookies. This means that the UK law is now out of sync with the EU law.
It’s uncertain on whether the UK law will be overruled by the EU one. So, if you want to be safe and make sure your website is complying with the EU law then follow these five steps.
Are you using cookies?
First of all you need to find out if your website is using cookies. There are a few good tools that enable you to do this. If you use Firefox then you can install this View Cookies add-on. This allows you to see what cookies are being used on whatever website you are viewing.
There are also companies that will audit your website for you to see how you are using cookies. TRUSTe are offering a free 100 page website tracker and cookie audit until the 25th of May, when the EU Privacy Directive comes into play.
of their activities.
Why are you using cookies?
If you are using cookies then you need to what they are and what they do. According to the International Chamber of Commerce there are four categories that your cookies will fall into – strictly necessary cookies, performance cookies, functionality cookies and targeting/advertising cookies. Each of these different categories require a different level of consent.
Strictly necessary cookies are cookies deemed essential to running your site and as such you do not need the user’s consent for. An example of a strictly necessary cookie is one that is used to remember what item you have stored in an online shopping basket.
Performance cookies collect anonymous data that shows how well your website is performing. These can be used to see which pages are visited the most and how users interact with them. To use these you will need to get consent from the user.
Functionality cookies are used to increase the usability of your website. These can be used to store information about the user, such as the user’s language or font size preference. Consent has to be gained before using these.
Targeting/advertising cookies focus on delivering more relevant advertisements to users. They track how many times a user has seen an advert and how effective it has been. This allows advert providers to provide a more tailored service to each user. Consent must be gained, even if the cookie is provided through a third party.
Remove unnecessary cookies
Inform your users
If you haven’t managed to get your website to use just strictly essential cookies then you are going to have to gain consent from your users. The most simple way of doing this by simply having a pop-up appear when a user first uses your site stating something along the lines of “By using our service you are consenting to use placing cookies on your computer”. Make sure to also link to a page explaining in detail what cookies are and why you wish to use them.
Another tactic, the one employed by the Information Commissioner’s Office, is to include a banner at the top of your website that explains about cookies and has a tick-box so users can consent. This is less intrusive than a pop-up but could also have a lower impact.
A more elegant solution has been provided by CivicUK. They have created a customisable little widget that will appear at the bottom of user’s browsers when they are viewing your site. This widget is a simple solution that makes sure you are going to be legally safe when the new EU law comes in.