What exactly is a cookie?

As well as being a tasty biscuit to have with afternoon tea, a cookie is also a small piece of information used on websites for a host of reasons such as remembering log in details, user preferences and to track a user’s journey through the site.

Cookies can't contain viruses or install any malicious software on a host’s computer but can be used to track browsing activities and it is this which has raised privacy concerns prompting the EU to take action to address this.

Why is this a problem?

In 2003 regulations implemented a European Directive concerning the privacy protection on the internet and other electronic communications which ensured users were able to choose to opt out of having cookies stored on their computer.  This was amended in 2009 which amongst other changes forced websites to go one step further and gain consent from visitors for the use of cookies.  The UK adopted the amendments on 25 May 2011 with a year grace to allow website owners to implement the changes.

The argument against this law is that the information collected cannot be used to personally identify the user and can in fact be very useful when displaying commercial messages as the browsing habits of the user are known.  However, many people see these cookies as spyware and the new rules are designed to prevent this information being stored on computers without the express consent of the user.

How can the new law be implemented?

Most sites will need a considerable amount of work in the short term to be able to comply fully with the new laws as cookies have become such a fundamental part of the web.  For instance, Google Analytics uses cookies to be able to pull the data on web visitors and this service is used by 60% of the top 10,000 sites on the internet today.

Website owners will have to ensure that current cookies are audited, pull back their reliance of cookies and put in place clear and concise messages to enable users to choose whether they accept the use of cookies as they browse. This acceptance is likely to be in the form of a pop-up with a clear accept/decline button alongside the following 3 pieces of information:

1. Informing users that cookies are present on the site

2. Explaining what the cookies are doing

3. Asking permission to store cookies on the users device

What should I do next?

The first steps are to assess what cookies are present on your website and what function each one performs.  This audit could be relatively simple if your site is fairly small but could also be an eye-opener.

You will then be able to ascertain which ones of these do, or do not, apply to the new laws.  Some of your cookies will not be a problem and can in fact increase a user’s privacy whereas others, such as those which identify individual browsing habits will almost certainly fall foul of the directive.

Once you have done this you will be able to decide which method of gaining consent will work best for you.

What if I do nothing?

The website is likely to receive enforcement notices and if repeatedly ignored can face a penalty of up to £500,000.

Who can help you to do this?

We can!  Get in contact with us to discuss your situation.