The EU Cookie Law has caused quite a stir in Europe and the wider area over the last 18 months. For UK businesses this originally meant that compliance was needed by the 26th May 2011. However, the Information Commissioner’s Office (ICO) gave a last-minute reprieve, allowing UK businesses one year to comply with the legislation. The one-year anniversary is fast approaching, and compliance should be completed by 26th May 2012.
There has been a large amount of confusion as to what is required to comply, what the precautionary measures are supposed to protect, and what will happen to businesses that ignore the legislation. Will we see a large brand face legal action for ignoring the legislation? Only time will tell.
In an interview with Econsultancy, Dave Evans of the Information Commissioner’s Office shed more light on the reasons for the legislation, stating, “The cookies rule is aimed at safeguarding privacy online and protect[ing] web users from unwanted marketing.” He goes on to say, “organisations that collect information need to obtain people’s agreement, and you have to tell them what you want to do with it.” This seems fair as a way to protect the privacy of web users. But it then opens up the question…
Although many businesses are fearful of legal action, the latest information suggests that the ICO will not be enforcing the legislation heavy-handedly. In the article mentioned earlier, Dave Evans said, “We’re here to educate and to promote good practice.”
Therefore, it is recommended that businesses make every attempt to comply, as the ICO will recognise that effort if it receives complaints. Dave Evans continued, “It’s highly unlikely that organisations will get into trouble because of one cookie or just a few complaints, but we would seek to address any potential issues with the company concerned.”
For many businesses analytics cookies are the biggest concern, for example, third-party cookies being dropped by an analytics program such as Google Analytics.
Some wonder about the issue of ‘implied consent’, and whether such a solution fits within the legislation. Dave Evans said, “Just because analytics cookies are caught by this law doesn’t mean a strict opt-in is necessary. It could, in some cases, be seen as an essential part of the relationship.”
How should we implement the legislation on our websites?
If a business decides to continue serving analytics cookies, it is important that it provides a good level of information about how privacy, and cookies in particular, are handled on the site.
For some organisations this has been achieved by promoting a Privacy & Cookies link to the top of the page. Others have decided to leave this link within the footer of the page. But in either case it is recommended to carry out an audit of the site to determine what cookies are served for each page, and then to list each cookie on the Privacy & Cookies page, with as much detail as possible about what the cookie does.
We are fast approaching uncharted waters with the EU Cookie Law; however, it seems likely that this legislation will not cause major issues for smaller businesses in the short term. It would be wise to keep an eye on UK Government and large sites such as www.number10.gov.uk, www.parliament.uk, www.amazon.co.uk, and www.bbc.co.uk to see how they implement this legislation going forward.