Cookie crunch

Is your website ready for the 'cookie crunch'?

In May 2011 the UK government passed legislation imposing an EU directive on all websites in the UK, requiring them to get explicit permission from website visitors if they use any ‘cookies’, the little bits of code that are used to remember things like users’ preferences and track their usage of websites.

From 26 May 2012, organisations in breach of the new regulations face fines from the Information Commissioner’s Office (ICO) of up to £500K, though only after failing to comply after a direct warning has been issued.

The new rules sound great in theory. Don’t we all value our privacy? Don’t we all want to be aware of and have control over what information websites store about us?

Certainly none of us wants our online activity tracked and then the data used for commercial gain or otherwise misused. But the problem with this legislation is that it is somewhat unworkable in its present form.

It means that every single website you visit will need to ask whether you accept to have a cookie stored to keep track of your choices. And if you refuse, then there is no way of storing that preference (as that would require a cookie!), so you’ll be prompted to answer the same question every time you visit.

And as for all the bad tracking information that this is designed to counteract, the irony is that in the time it has taken to conceive and impose this directive, many advertisers and web spies have shifted to newer, more invasive and less obvious technology to track us. So once again it’s a case of regulations punishing the innocent rather than the guilty.

It’s not all bad news, however. The spirit of the legislation is certainly good and will hopefully encourage good practice in website development.

Here are some practical suggestions for ensuring that you comply with the new directive, without turning people off your website.

Start with an audit

The first step is auditing your website for its use of cookies. The easiest way to do this is to use a browser extension like the ‘View Cookies’ extension for Firefox. Make a note of all the cookies logged as you browse your site and together with your website developer work out what they do.

Focus on policy and communication

Arguably the main thrust of the new legislation is improving communication. If your website doesn’t already have a clear (and easy to find) privacy policy, make sure it does, and that it explicitly describes what cookies you use and what their purpose is. And then tell users how to use their browser settings how to turn off cookies, as that’s by far the most sensible place for the permission to be given or denied. (It’s kind of like having a switch inside the car for headlights, rather than being prompted by every road you drive on whether or not to use them.)

All cookies are not created equal

Recognising that not all cookies are bad, the new legislation does allow cookies that are ‘essential’ for the operation of the website. Examples include login sessions and shopping carts which ensure smooth transition between various parts of the website. From your audit results, work out if the cookies you use are permissible under this guidance.  The definition is relatively narrow, though, and ads, personalisation and social media widgets are not exempted from the restrictions.

Scale down visitor tracking

The most obvious breach of the new regulations for most organisations’ websites would be the use of statistical tools like Google Analytics (which is used on up to 90% of all websites). Until Google addresses the issue, or the ICO exempts analytics, it may be a worthwhile turning off Google Analytics or finding a cookie-free alternative.

Use a friendly interface for prompts

When prompting users to allow or refuse cookies, pay attention to user interaction design. Most solutions involving pop-ups or banners we’ve seen are ugly and will only turn users away from your website. Consider instead implementing an elegant solution like the one provided by the Cookie Control script from Civic UK.

For further information, you are welcome to contact us at Avec Online by emailing as we are offering third sector organisations free advice on compliance with the UK cookie law.