The EU Privacy Directive (or new ‘EU Cookie Law’): Is your website breaking the law?


Like it or loathe it, you can't ignore the EU

It’s made headlines all over the place over the last week, so I’d guess it’s caught your attention and you have an idea of what it is, but first a quick summary just in case you were away on holiday or under a stone.

What is this ‘new’ EU cookie law all about?

Firstly, it’s not new as such. It started as an EU ‘directive’, which stipulated on May 27th 2011 that EU member states had 1 year to get themselves compliant. In June 2012 it kicked in.

Its purpose is to force websites to obtain ‘consent’ from visitors on arriving at their site if they use certain ‘cookies’. ‘Cookies’ are small packets of data often stored on your computer when you visit a website, for a range of purposes, from the simple logging of whether you’ve visited the site before up to the more elaborate, such as saving the contents of your shopping basket on eCommerce sites.

Typically they’re innocent, and quite vital for making many websites as useful and rich an experience as possible for visitors. Sometimes, though, they’re used to track as much personal detail as possible (for adverts, for example) and the EU rightly had concerns about how they’re used.

Does my business need to take action? We’re only a small business!

The ‘Information Commissioner’s Office’ has full guidance on it and the (very few) cookies which are exempt, but here are a couple of quick ways to work out if it affects you:

  • Do you use Analytics such as Google Analytics to track site visitors? If so: Yes, you need to take action whoever you are
  • Do you serve any adverts on your site or have a shopping facility? If so: Yes, you need to take action whoever you are

I’ve not taken action yet! Am I breaking the law!? Will they send me to gaol!?

Well, yes you are technically breaching it if your site isn’t yet operating a system of consent. The ICO has the power to charge up to £500,000 for businesses in serious breach.

However, don’t panic: the ICO has indicated that it wants to take a ‘softly softly’ approach, so isn’t intending on dishing out fines willy-nilly. What’s more likely is that if you’re found not to be in compliance they’ll give you their guidance on how to comply and a deadline to get your ship in order (caveat here of course: you mustn’t take my word on that as legal advice, I’m not a lawyer and can’t be held responsible for your actions or lack thereof based on this post!).

So in a nutshell, what do I need to do to comply?

The steps involved in bringing your site back into line with the law are:

  1. Analyse the cookies your website is currently making use of.
  2. Make sure you have a ‘cookies’ privacy policy on your site which provides “clear and comprehensive information about the purposes of the storage of, or access to, that information” held by these cookies.
  3. Put a system in place on your site to ensure visitors are made aware of this information and can give consent to such use of cookies.
  4. Ensure your information remains up to date if any additional use of cookies is added.

Go on, how do I do all that then, huh?

Here are some useful resources for getting these tasks done if you want to try it for yourself:

  1. There are a number of browser plugins available to easily display what cookies a website uses when you visit it. This one for Firefox for example, or here’s one that will help make Internet Explorer ones clearer. Once you’ve identified the cookies you’ll need to research exactly what purpose they’re serving and what put them there so you can inform your visitors.
  2. The ICO are again a great source for working out what to write for your policy. You could also try the free trial of ‘SiteBeam’ which can help generate a template to use for this. What you need to do is make it clear what cookies are there, what they’re used for and provide good information on how to manage them and opt-out where applicable.
  3. There are a couple of pretty good free bits of code & plugins which are being shared to help people meet this requirement. ‘Cookie Consent’ is one, a modified version of which we make use of on this site. You may also see ‘Cookie Control’ in use on a number of sites. You’re going to need to know a bit of website tech to put them in place though (such as JavaScript), and if you want them to fit with your website design a bit of ‘CSS’ design as well.
  4. Good practice would be to review your site cookies whenever you introduce a new plugin or new code which was written by somebody else. You should also be giving your site a general assessment at least once a year.
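
To make steps 1, 3 and 4 concrete, here is an added JavaScript example (not code from this post, nor from Cookie Consent or Cookie Control) that audits a visitor's cookies against the documented inventory and gates consent-requiring cookies. The inventory, the `cookie_consent` and `ad_profile` names, and which entries are marked as needing consent are assumptions for illustration; `_ga` is the cookie Google Analytics sets.

```javascript
// Added example. The inventory, cookie_consent and ad_profile are constructed names.
// INVENTORY mirrors what the cookie policy documents (steps 1 and 2).
const INVENTORY = new Map([
  ["cookie_consent", { purpose: "remembers the visitor's choice", needsConsent: false }],
  ["_ga",            { purpose: "Google Analytics tracking",      needsConsent: true }],
  ["ad_profile",     { purpose: "advert targeting",               needsConsent: true }],
]);

// Parse a document.cookie style string ("a=1; b=2") into a name -> value Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue; // skip empty or malformed fragments
    const name = part.slice(0, eq).trim();
    if (name) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Only an explicit "yes" counts as consent; a missing or other value does not.
function hasConsent(jar) {
  return jar.get("cookie_consent") === "yes";
}

// Audit a visitor's cookies: list names the policy does not document (step 4)
// and consent-requiring cookies that are present without consent (step 3).
function auditCookies(cookieString, inventory = INVENTORY) {
  const jar = parseCookies(cookieString);
  const consent = hasConsent(jar);
  const undocumented = [];
  const setWithoutConsent = [];
  for (const name of jar.keys()) {
    const entry = inventory.get(name);
    if (!entry) undocumented.push(name);
    else if (entry.needsConsent && !consent) setWithoutConsent.push(name);
  }
  return { consent, undocumented, setWithoutConsent };
}

// Gate to call before injecting an analytics or advert script.
function maySet(name, cookieString, inventory = INVENTORY) {
  const entry = inventory.get(name);
  if (!entry) return false; // undocumented cookies are never allowed
  return !entry.needsConsent || hasConsent(parseCookies(cookieString));
}
```

In a browser, pass `document.cookie` as the cookie string; a non-empty `undocumented` list means the policy needs updating, and a non-empty `setWithoutConsent` list means something on the page is setting cookies before the visitor has agreed.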

Or of course bring in Web Propelled and we can use our expertise to do the above for you!

If that all seems a bit too confusing or technical for you then we’d love to help bring you into line with the legislation. Costs vary (big, complex sites take a bit more work) but start from just £50 for a typical small business website or blog (not bad for the peace-of-mind hey?), so why not drop us a line?
