From 26th May 2012 the Information Commissioner's Office (ICO) will start enforcing the so-called ‘Cookie Law’, a new EU Directive, which requires websites to get the user’s consent before placing a Cookie on their computer.
With the threat of fines of up to £500,000 for non-compliance, and much confusion among businesses and organisations about exactly what their responsibilities are, we thought we’d put together this quick guide.
What are Cookies?
Cookies are small files that websites use to record information about each visitor. They are stored on the visitor’s computer. Some are fundamental to the operation of the site, others aid functionality or measure performance and some are there purely for advertising purposes. See below for more detailed information on the different types of Cookies.
These Cookies are necessary for the operation of the site.
Example: shopping cart information on an e-commerce site, or authorization for access to a restricted area.
These Cookies don't affect the functionality of a website; they are used to improve performance and to track site usage.
Example: Google Analytics
These Cookies store preferences that help improve the functionality of the site.
Example: location information for services such as news or weather, or accessibility settings for text size, fonts, contrast and so on.
These Cookies store (and share) information about your browsing habits.
Example: pop-up adverts that appear across a whole network of sites, targeted at users based on their browsing history.
What should I do to comply?
The legislation applies to all Cookies which are not strictly necessary for the operation of the website. Cookies that are fundamental to the working of the site are not included, but those that add functionality and measure performance are included, along with the arguably much more intrusive advertising Cookies.
If your website includes any such Cookies then, to comply with the letter of the directive, you should gain consent. This means prompting the user with a message asking them to either accept or reject Cookies for your site. Clearly, this means that should a user choose to disable Cookies for your site, you will not be able to track their activity, tailor services to their location and so on.
What will happen to me if I don’t change my website?
The ICO’s maximum fine for non-compliance is £500,000, but before you get too worried, our interpretation of the guidance issued is that an offending organisation is likely to be given an opportunity to change its site before fines are imposed.
You can check out the ICO’s guidance for yourself, or if you’re concerned (or if you serve targeted ads on your website) then give us a call or drop in to see us. We’ll be pleased to discuss the issues with you further over coffee… and cookies of course.