In May 2011 the UK government passed legislation imposing an EU directive on all websites in the UK, requiring them to get explicit permission from website visitors if they use any ‘cookies’, the small pieces of data that are used to remember things like users’ preferences and track their usage of websites.
From 26 May 2012, organisations in breach of the new regulations face fines from the Information Commissioner’s Office (ICO) of up to £500K, though only if they fail to comply after a direct warning has been issued.
The new rules sound great in theory. Don’t we all value our privacy? Don’t we all want to be aware of and have control over what information websites store about us?
Certainly none of us wants our online activity tracked and then the data used for commercial gain or otherwise misused. But the problem with this legislation is that it is somewhat unworkable in its present form.
It means that every single website you visit will need to ask whether you agree to have a cookie stored to keep track of your choices. And if you refuse, then there is no way of storing that preference (as that would require a cookie!), so you’ll be prompted to answer the same question every time you visit.
And as for all the bad tracking information that this is designed to counteract, the irony is that in the time it has taken to conceive and impose this directive, many advertisers and web spies have shifted to newer, more invasive and less obvious technology to track us. So once again it’s a case of regulations punishing the innocent rather than the guilty.
It’s not all bad news, however. The spirit of the legislation is certainly good and will hopefully encourage good practice in website development.
Here are some practical suggestions for ensuring that you comply with the new directive, without turning people off your website.
Start with an audit
Focus on policy and communication
All cookies are not created equal
Recognising that not all cookies are bad, the new legislation does allow cookies that are ‘essential’ for the operation of the website. Examples include login sessions and shopping carts which ensure smooth transition between various parts of the website. From your audit results, work out if the cookies you use are permissible under this guidance. The definition is relatively narrow, though, and ads, personalisation and social media widgets are not exempted from the restrictions.
Scale down visitor tracking
The most obvious breach of the new regulations for most organisations’ websites would be the use of statistical tools like Google Analytics (which is used on up to 90% of all websites). Until Google addresses the issue, or the ICO exempts analytics, it may be worthwhile turning off Google Analytics or finding a cookie-free alternative.
Use a friendly interface for prompts
For further information, you are welcome to contact us at Avec Online by emailing email@example.com as we are offering third sector organisations free advice on compliance with the UK cookie law.