A few high-profile U.K. Web sites have in the past few days started to warn their visitors that they use cookies.
If this is the first you’ve heard about it and you own a U.K. site that uses cookies, such as those with shopping carts, adverts, a log-in function, or text-size preferences, or you develop for a mobile application platform…whoops.
You had until the 26th of May 2012 to comply with the new European cookie law.
You won’t be the only one, though. It is thought the majority of U.K. Web sites are breaking the law that dictates how users are tracked and logged, despite having more than a year to prepare for the changes.
Here’s what you need to know.
What’s the lowdown: E.U. cookie law or U.K. cookie law?
The E.U.’s “e-Privacy” Directive, which first came into force in 2002, was amended in 2009. Each of the E.U.’s 27 member states, including the United Kingdom, was told to bring the directive into its own law by this time last year.
The U.K.’s amended Privacy and Electronic Communication Regulations (PECR) Act 2011 was brought into force on May 26, 2011. The law stated, among other things, that companies operating in the E.U. and the U.K. must obtain consent from their Web site users.
Cookies allow Web sites to offer a more personalized experience, such as remembering a user’s preferences. Cookies can also be used to track user behavior, and Web site owners use them to track how often their pages are being visited and other interesting non-personal user information.
Some major Web sites, such as the BBC, have implemented new systems to inform users and allow them to opt-out. However, most U.K. government Web sites aren’t ready and already fall foul of the law.
The directive dictates that users should be aware of which kind of cookie is being set, varying from “essential” cookies, such as those used to remember which goods are in your e-shopping cart, to “non-essential” cookies that can be used to track user behavior.
But cookies are only a small part of online tracking, right?
Correct. The E.U. Directive contains only a portion relating to cookies, but also targets “non-essential tracking,” regardless of whether a cookie is involved or not.
Arguably the focus on cookies has distracted many from the wider implications of the directive. Web site and Web application operators need to determine whether third-party trackers — such as advertisers and analytics — are used on their sites.
As much as 40 percent of tracking activity is often not related to cookies, so a “cookie audit” should look beyond cookies to other tracking technologies.
Why is the U.K. 12 months behind everyone else?
Only three countries actually met the deadline. Denmark and Estonia met the deadline, and the U.K. came close but probably got no more than a D+ for effort.
The U.K.’s data protection agency, the Information Commissioner’s Office (ICO), gave U.K. companies a 12-month reprieve because many were not ready by the halfway point in the ICO’s grace period.
The 12-month reprieve was given because many had to rip open the innards of their corporate Web sites and Web applications to work out where cookies were implemented and when they were set.
Define “consent,” exactly.
In the vast majority of cases, a pop-up or some kind of obvious box will appear on a Web site asking a user to tick a box and hit a button. This means a user will give explicit consent to the use of cookies and other tracking tools. Users will also be able to determine the level of cookie and tracking use on the site.
But there’s a problem. Only a few days before the May 26 deadline, the ICO updated its guidance to state that “implied consent” will suffice, seemingly going against the original European Directive. The ICO said that the continued use of a Web site or Web application would imply the user is consenting to the changes — shifting the responsibility of consent to the user rather than the Web site owner.