UK Website Cookie Regulations
UPDATE: For the latest on the Cookie Laws, be sure to check out this post on the AmbITion Scotland blog.
Contributed by Cameron Leask of Escrivo Internet Consulting.
Over the past few months, you might have read about new privacy regulations to control the use of website cookies. These came into force on 26 May and almost certainly affect you if you operate a website. Amongst other things, the updated regulations cover one of the least visible, most widely used and most misunderstood web technologies: cookies.
Who is affected?
What is a Cookie?
A website cookie is usually stored as a small text file on a user’s computer by their web browser (Internet Explorer, Firefox, Google Chrome or similar). Cookies can be set to expire when you close your browser, or to be stored until a defined date and time. Cookies are set for a particular domain. Your website can only set cookies for your own domain, but in some circumstances you might want to include content hosted by a third party in your web page (a common example would be embedding a social media plugin or a video “widget”), which would allow the third party website to create cookies for its domain too.
A typical web page with a Facebook “Like” button, a YouTube video and Google Analytics might create up to a dozen cookies on the visitor’s computer.
How do cookies work?
Most modern browsers allow users to decide whether to accept cookies, but rejecting cookies can make a website unusable if it depends on cookies to operate.
So what’s the problem?
What you will need to do
The Information Commissioner’s Office (ICO) has made it clear that they will enforce the new regulations from May 2012, which allows for a period of preparation and planning beforehand.
The new regulations require you to do two things:
- Provide visitors with clear and comprehensive information about the cookies your website uses and the purposes of the storage of, or access to, the information that they store, and
- Obtain consent from your visitors for the use of those cookies
This means that by May next year, you will need to:
- Requirement 1: Know which cookies your website creates and
- Requirement 2: Be able to describe the data stored in those cookies, and its purpose, and
What you need to do now
As soon as possible, start preparing to comply with the new regulations by conducting a Cookie Audit to identify the cookies that your website uses and to assess their impact on the privacy of your website visitors. For most websites a Cookie Audit will be a relatively simple exercise but it’s a job that will probably need to be repeated periodically – perhaps annually, or more often if you regularly add new features to your website.
Based on the results of your Cookie Audit you can identify the data being stored and uses made of that data. From this information you might be able to remove some cookies that are not required.
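As an added illustration of the audit step (this is not code from the original post or from Escrivo), the sketch below builds a cookie inventory from `Set-Cookie` headers captured while loading a site's pages, recording for each cookie whether it is session or persistent and whether it belongs to your own domain or a third party. The hosts, cookie names and values are constructed sample data, and the first-party check is a simple suffix match on an assumed site domain.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: (host that sent the response, raw Set-Cookie value).
OBSERVED = [
    ("www.example.org", "PHPSESSID=abc123; Path=/; HttpOnly"),
    ("www.example.org", "prefs=lang-en; Expires=Wed, 26 May 2032 10:00:00 GMT; Path=/"),
    ("video.example.net", "viewer=77f1; Max-Age=31536000; Domain=.example.net"),
    ("stats.example.com", "_visit=1.2; Expires=Fri, 26 May 2034 10:00:00 GMT; Domain=example.com"),
]

def parse_set_cookie(host, header):
    """Split one Set-Cookie value into (name, effective domain, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    # Without a Domain attribute the cookie belongs to the host that set it.
    domain = attrs.get("domain", host).lstrip(".").lower()
    return name, domain, attrs

def lifetime(attrs, now):
    """Return ('session', None) or ('persistent', whole days until expiry)."""
    if "max-age" in attrs:  # Max-Age wins over Expires when both are present
        return "persistent", int(attrs["max-age"]) // 86400
    if "expires" in attrs:
        return "persistent", (parsedate_to_datetime(attrs["expires"]) - now).days
    return "session", None

def audit(site_domain, observed, now=None):
    """Build one inventory row per cookie seen while loading the site's pages."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for host, header in observed:
        name, domain, attrs = parse_set_cookie(host, header)
        # Simplification: suffix match on the site's domain, no public-suffix list.
        own = domain == site_domain or domain.endswith("." + site_domain)
        kind, days = lifetime(attrs, now)
        rows.append({"name": name, "domain": domain, "kind": kind, "days": days,
                     "party": "first" if own else "third"})
    return rows

if __name__ == "__main__":
    for row in audit("example.org", OBSERVED):
        print(row)
```

Each row still needs a human-written description of what the cookie stores and why, which is the part of the audit a script cannot supply.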
The most logical place to obtain consent would be in the web browser software – but current browser privacy settings are “not sophisticated enough to allow you to assume that the user has given their consent” according to the ICO. However, you are still required to prepare to comply with the regulations.
Where can you get more help?
Visit http://www.escrivo.com/culturesparkscookies to learn more about how to perform your own Cookie Audit. We’ve also provided details of our own Cookie Audit service.
You may also want to speak to your website developer, to establish whether they can help.