A Guide To 2012 Cookie Laws

The EU regulations on the use of cookies is coming into force. This affects anyone who is using cookies on their website and includes ALL of Digital Six®’s ecommerce clients and most non ecommerce clients. These cookie regulations shouldn’t be too scary, as there are simple things that you can do to comply. However, it is important that your website conforms to avoid possible fines in the future.

What are cookies?
Cookies are small files that are downloaded onto your PC when you visit a website. They are simple ’text files’ which normally contain two pieces of information: a site name and unique user ID. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your PC. The next time you visit that site, your PC checks to see if it has a cookie that is relevant (that is, one containing the site name) and sends the information contained in that cookie back to the site.

The site then ’knows’ that you have been there before, and in some cases, tailors what pops up on screen to take account of that fact.

Who uses cookies?
Most websites use cookies. In fact, anyone with Google Analytics installed on their website is using cookies to track visitor information.

Cookies are commonly used in:

Analytical tracking – used to store information about where a user has come from. Analytics is virtually impossible without cookies.
Affiliate programme tracking – to record what affiliate programme has resulted in a sale.
In ecommerce – to record what items are added to a basket as part of the checkout process. Online shopping would be relatively impossible without cookies

What should you do to comply with the regulations?
The regulations are designed to give website users peace of mind when it comes to using the web and there is no reason to worry.

The regulation essentially says that the storage of cookies must now be done with the prior consent of the user, rather than offering a way to opt-out of cookies after the fact.
Excluded from this rule are uses of cookies that are ‘strictly necessary’ for a service requested by a user (e.g. session tracking cookies for logged in users and potentially cookies vital as part of the shopping process).

We recommend that, at a minimum, you add information on your website for how you use cookies.
There are some issues with this legislation. If you were to follow the code to the letter, you would have to allow all visitors to “opt in” for Google Aalytics tracking. We imagine that this is not practical for most websites, as potential customers will be unlikely to select the “opt in” button. The regulators, however, have shown what this looks like on their own website: ico.gov.uk

There is an option to opt in on the top of the page, however most customers will be unlikely to allow cookie tracking without a good reason.

The regulation is rather complex, but there are simple things you should do on your website:

You must tell people that you are using cookies – perhaps through a Cookie Policy or Cookie Statement. This should be in addition to the standard privacy policy included on your website.
You should provide visitors with information about how they can opt out of using cookies

Note, we are not legal experts at Digital Six so we recommend that if you are concerned about cookies you should contact a legal specialist.

Additional Resources
ico.gov.uk