EU Cookie Legislation Update
25 September 2014

EU Cookie Legislation Update

Following recent changes to EU privacy legislation all websites are now required to obtain informed consent from UK and EU visitors for the use of cookies and other user tracking technologies.

The change in legislation was prompted by a wide spread use of cross site visitor behaviour tracking cookies.  These cookies allow websites to target their advertising based on your previous browsing activity, even if that activity took place on another site! For example you might search for 'shoes' on one website and then see lots of adverts for shoes popping up on several other sites you visit.

However almost all websites use cookies in some form or another, and the legislation has been drafted to cover all use of cookies.  Shopping websites use cookies to identify visitors and track what they have put in their baskets, and most websites include some form of analytics cookies (most commonly Google Analytics).  

The law does distinguish between cookies which are essential for the purposes of making your website work, and cookies which exist for other purposes (most commonly for tracking visitors behaviour). In the case of cookies which are essential to the operation of your website the legislation allows for implied consent.  This means that provided your website makes it clear that these cookies are being used, explicit consent is not required.

In the UK the Information Commissioner (ICO) is taking a relaxed approach to analytics cookies (e.g. Google Analytics). Their guidance is that analytics cookies are fairly unobtrusive and therefore, as long as you inform users about their use, explicit consent is not required.

Apart from a few lonely supporters the reaction from most website owners to this new legislation has been entirely negative. Many view it as an ill-conceived law that fails to appreciate the technical reasons for which many cookies are used. Many are holding out for a change in the legislation or for some kind of meta-solution from browser vendors and major web players like Google and Facebook.

However, irrespective of how individual website owners feel about the law, it is likely that as awareness of this issue grows website users will be more likely to trust and engage with companies that clearly demonstrate they are respecting their online privacy choices.

As a website owner, in order to achieve compliance with the law there are three things you must do:

  • You must audit the cookies used on your site and present clear information about them on your website's privacy policy
  • Based on the types of cookies you're using on your site you must decide on a model for managing awareness and consent
  • Where necessary you must make technical changes to the cookie-storing scripts in order to test for consent before a cookie is stored

In practice, provided your cookies do not fall into the categories requiring explicit consent, compliance can be achieved with a few simple changes to your website. Webfuel can assist with auditing the cookies on your site and implementing an on-site cookie information tool which uses the appropriate consent model based on the types of cookies you are using. You can see an example of how this tool works on this website, in the bottom left hand corner. We can also provide example wording of a cookie compliance statement for your website's privacy policy if required.

If you would like to discuss the cookie compliance law and how it applies to your website please give us a call on 01509 852 188.

For further information you can read the Information Commissioner's advice (PDF - 400Kb).

© 2024 Webfuel Limited. All Rights Reserved. | Privacy Policy | GDPR Statement

Get A