EU Cookie Law

cookie-website-image

EU Cookie Law

The Cookie Law explained

What is the Cookie Law?

The Cookie Law is a new piece of EU privacy legislation that requires websites to obtain consent from visitors to store or retrieve any information on their computer or any other web connected device, like a smartphone or tablet.

Websites use a variety of technologies to provide specific content and experiences to their visitors, some of these technologies use Cookies in order to work.
[Find out more about cookies]

Why implement this new law?

The legislation is designed to help protect online privacy by giving consumers the choice of the allowing websites to capture and use information about them.

When does it come into effect?

On May 26th 2011 all EU countries adopted the EU Directive. So far the UK is the only country to have updated its own Privacy and Electronic Communications Regulations, to bring the EU Directive it into UK law. Other countries will follow in due course applying the same fundamental guidelines as the EU Directive.

Many people are not aware of it yet, but the law is already in effect in the UK. However The Information Commissioners' Office (ICO), the UK regulator, gave everybody a one-year 'grace period' before they start enforcing it.

That grace period will expire on May 26th 2012.

What do you need to do to make your website compliant?

The ICO have produced guidelines for website owners who want to become compliant, [you can view full details here]

ICO guidelines summary:

  • Under go an Audit your website to list your Cookies.
  • Detail what each cookie requires in terms of consent, not all Cookies require visitor consent.
  • Implement a consent form on your website to allow visitors to:
  • Inform visitors about their rights as consumers
  • Allow visitors to consent or not to Cookies.
  • Link to your Privacy Policy giving more detail about consumer rights and what type of Cookies are enabled on your website. [optional]

What are Cookies?

Cookies are small files, saved to your computer by your web browser. They are designed to hold a small amount of data specific to a particular user and website, and can be accessed either by the web server or by your computer.

Cookies are designed to allow the websites to tailor content and the experience to you by writing and reading the stored data saved to your computer.

A good example would be when you visit an online store, like Amazon or eBay, and add an item to the shopping basket then leave. When you visit the site again in a few days the shopping basket items are still there.

Cookie uses

  • Analysis of visitor behaviour like which pages you have seen and how long you have spent on a specific page.
  • To personalise page content and remember your preferences.
  • To manage shopping carts in online stores.
  • To track people across websites and deliver targeted advertising

Cookie types

A Cookie could be one or more of the following types:

First Party Cookies

First Party Cookies that are written and read by a single website. These are defined by the domain name from the site that created them. They are only accessed by this domain so no other website can access the information in the Cookie.

Third Party Cookies

Third Party Cookies written and read by a website that is different to the one you are currently visiting. This means that the information gathered by your actions will from multiple website in order to build a profile of you. Predominately used by advertising networks to better target advertising to you, these types of Cookies are higher risk to exploiting your privacy.

Session Cookies

Session Cookies are only stored temporarily in your browser's memory, and are destroyed when it is closed down, unless you simply navigate away from the website they came from. These cookies are designed to work as long as you are interacting with a website, like if you are signed into an online account of some sort.

Persistent Cookies

Persistent Cookies are Cookies that are written to your computer and stored there for a length of time until it expires. All persistent cookies do have an expiry date, and if that expiry date is reached, it will be removed by your computer. Expiry dates have no limit and can be saved for several years. Website analytics such as Google Analytics is one of the implementations of persistent cookies.

Secure Cookies

Secure cookies are only written and read when a website uses a secure protocol, the website address will use https in the URL Using a secure protocol means that the information passed from website to your computer is encrypted. Secure Cookies are commonly used in account and transactional areas of a website.

HTTPOnly Cookies

HTTPOnly Cookies are Cookies with an attribute set in order to stop the current page to access it. This means it is less vulnerable to attacks from malicious scripts.

Become Cookie Law compliant

The process is simple:

  1. Undertake a Cookie audit.
  2. Implement code script for approval.
  3. Update your Privacy Policy.

Requirements:

  • Access to your webserver and Content Management System (CMS)
  • Details of any 3rd party integrations into your website such as Google Analytics.