The New EU Cookie Laws – What You NEED To Know – A Round-Up.

March 15, 2012

, The New EU Cookie Laws – What You NEED To Know – A Round-UpWhat Is The Law?

The new directive is a piece of European Union legislation that has been adopted in the UK. The government have now updated the Privacy and Electronic Communications Regulations, which now means that the EU directive is now UK law.

This law requires all website owners to get consent from their website visitors before they can store or retrieve any information on their devices including computers, tablets and mobile devices.

The ICO Updated Guidance For Website Owners

When Does The Law Come Into Force?

The new law comes into force on 26th May 2012. A 1 year grace period was given from May 2011.

What Are Cookies?

Cookies are files that are stored on your computer or device that store information about the user, that websites can use and retrieve at a later date. This may be information such as personalisation options, search history, purchase history, log-in information, and browsing history.

What Are Cookies? – The BBC

Does My Site Use Them?

Almost certainly yes. 92% of UK websites currently use cookies in some capacity, and the vast majority are breaking the law. If you’re using website analytics software like Google Analytics, advertising networks, or e Commerce software then the overwhelming majority of these will be using cookies to store user information.

How Can I Comply?

In order to comply with the legislation your website must obtain explicit clarification before you can store information about them on their devices. An exemption has been made for cookies that are deemed to be vital to the operation of a website. Advertising, analytics and personalisation functions are not exempt however.

Must Try Harder On Cookie Compliance Say ICO – ICO News Release

Key points set out in the amended cookies advice include:

  • More detail on what is meant by consent. The advice says ‘consent must involve some form of communication where an individual knowingly indicates their acceptance.’
  • The guidance explains that cookies used for online shopping baskets and ones that help keep user data safe are likely to be exempt from complying with the rules.
  • However, cookies used for most other purposes including analytical, first and third party advertising, and ones that recognise when a user has returned to a website, will need to comply with the new rules.
  • Achieving compliance in relation to third party cookies is one of the most challenging areas. The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers.
  • The ICO will focus its regulatory efforts on the most intrusive cookies or where there is a clear privacy impact on individuals.

EU Cookie Law – 4 Examples Of Sites Already Implementing It – Malcolm Coles

EU Cookie Law, 3 Approaches To Compliance – EConsultancy

Cookie compliance: Econsultancy analyses the latest ICO guidance – EConsultancy

The Cookie Law And Google Analytics

, The New EU Cookie Laws – What You NEED To Know – A Round-UpFor most non-e commerce website owners the biggest impact is going to be on sites using analytics packages such as Google Analytics. Google Analytics currently sets 4 automatic cookies.

Unfortunately there is no official statement from Google as yet.

Google Analytics EU Cookie Law – Cookielaw.org

Google Analytics and the EU Cookie Law compliance could vary from country to country within the 27 state member areas. The more likely cookie law analytics solution will come via modification of the current Google analytics code, and/or an add-on, special dispensation from the requisite ICO office in that country or a browser solution through Google Chrome for instance. The UKICO office has already published information on using cookies.In time, Google might ask site owners to update their privacy policy, browsers may be engineered to include a universal consent or opt out button, similar to Do-Not-Track (DNT). Admittedly anything is possible.

In the past the EU’s Privacy and Electronic Communications Directive applied to user data, and this was largely interpreted to relate to e-mail data storage. The  ‘EU cookie directive  builds on this – no surprise you might say in light of the huge increase of seller side platforms (SSP), demand side platforms (DSPs), retargeting, tracking, ad-optimization and real-time bidding and personalization.

Cookie Law – Anaylics Are Illegal, But We Won’t Prosecute You, Probably – Silktide

“Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals.”

“Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.”

Google Analytics and The New EU Privacy Law – Advanced Web Metrics

How Will Compliance Affect My Site?

There are some probable negative affects of complying with the new law.

  • You may see increased bounce rates from adding warnings to pages, most of your visitors probably won’t even know what a cookie is.
  • You will lose valuable analytics data
  • Website personalisation will be affected
  • Other marketing areas such as email marketing and use of advertising networks will be altered

How the EU Cookie Law Will Affect Email Marketing – Cite

82% of digital marketers think the EU cookie law is bad for the web – EConsultancy

Stupid EU cookie law will hand the advantage to the US, kill our startups stone dead – Techcrunch

What Will Happen If I Fail To Comply?

There is a maximum £500,000 fine  if a breach of the law has caused “substantial damage or substantial distress. It is worth noting that there is a clear distinction to be made between first party cookies set for your own site and third party cookies often used to track behaviour across multiple websites.

“There will not be a wave of knee-jerk formal enforcement action taken against people who are not yet compliant but trying to get there”. – ICO Blog

Ultimately the decision to the actions that you take in order to move towards full compliance has to be your own after reading all of the facts and making a reasonable risk assessment.

EU Cookie Law: UK Government ‘break’ the law they imposed – Code Blog