On May 26th the EU Cookie law will come into force. Websites that don’t comply could face a fine of up to £500,000. You may think that as a small business owner this law is not going to apply to you – this is not the case. At the very least, you need to understand what cookies your website uses and make sure that you inform your visitors.
What are Cookies?
What is the EU Cookie Law?
The EU Cookie law came in last year, but the Information Commissioner’s Office gave websites a year to implement it. The law requires websites to get permission from visitors before placing cookies on their computer. You should ask visitors outright if you can put cookies on their computer and explain clearly what the cookies are used for. You can’t bury the information in your website’s terms and conditions.
Implementing the Law
This law is not going away and it will be necessary to make changes to your website to work towards implementing the law. You should work towards having a opt-in box for people to tick to allow you to put cookies on their computer.
What Should You Do Now?
The Information Commissioner’s Office has suggested that the most important thing is to take steps to moving towards full compliance. You should understand what cookies your website uses and create a plan to implement an opt-in.
In the Guidance on the New Cookies Regulations document available on the Information Commissioners website, it is stated
“In practice we would expect you to provide clear information to users about analytical cookies and take what steps you can to seek their agreement. This is likely to involve making the argument to show users why these cookies are useful. Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.”
I would suggest you contact your website designer to see what they suggest you do about this new law. I would love to know your thoughts.
Find out more information at https://www.itdonut.co.uk/sites/default/files/ITD_Cookies_4D_0.pdf
Update to the Cookie Law 25th May 2012
The ICO have released revised guidelines which states that “Implied consent is a valid form of consent”. So long as your visitors know which cookies are being used, if they continue to use the site, they have given consent. For example, there is a video on the ICO website with the text “NB: playing YouTube video sets a cookie – more info.)” If I now go ahead and play the video, I have given consent for the cookie to be downloaded to my computer. This is an important change which will make it easier for websites to comply. What do you think?