In the past few weeks we’ve had numerous calls from clients looking for advice on what to do about the new ‘EU cookie directive’ (which is actually an amendment to the EU’s Privacy and Electronic Communications Directive).
The concern of our clients has been largely driven by emails from law firms, the content of which is bordering on ’scaremongering’. Tut tut. They’re doing the right thing in drawing attention to this new directive but from what we’ve seen they aren’t offering any reasonable and practical advice (at least not for free).
Our simple advice to clients is ‘Don’t Panic!’
Firstly, what is a cookie?
As this directive concerns the ICO, let’s use their simple description…
One common technique of storing information is widely known as a cookie. This is a small file that a website puts on a user’s computer so that it can remember something, for example the user’s preferences, at a later time. The majority of businesses and organisations in the UK currently use cookies for a wide variety of reasons – from analysing consumer browsing habits* to remembering a user’s payment details when buying products online.
If you really want the detail on cookies try Cookie Central or Wikipedia (but be prepared to get bored!)
About the law
“The new law, which will come into force on 25 May 2011, is an amendment to the EU’s Privacy and Electronic Communications Directive. It will require UK businesses and other organisations to obtain consent from visitors to their websites in order to store on and retrieve usage information from users’ computers.”
Most of our clients’ websites use cookies – the primary reason being the almost ubiquitous use of *Google Analytics to track site usage and general behavior – as do a massive number of sites around the world. The use of cookies largely happens in the background as the vast majority of website users have their browsers set accept cookies – in fact it’s the default setting on most browsers.
As it’s the ICO that will be responsible for enforcing the directive, let’s see what they think. In a press release on the 8th March 2011 the ICO state the following…
“Businesses need to be working to address the way they use cookies. We recognise that work will not be complete by the implementation deadline. The government is clear that it will take time for meaningful solutions to be developed, evaluated and rolled out.
“We recognise this could cause uncertainty for businesses and consumers. Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.”
So, an overnight change in how cookies are used is not going to happen. Don’t forget, this is an EU directive and the web operates across boundaries and is largely driven by tech companies in the States.
In the meantime it’s probably worth revisiting your website’s privacy policy to ensure you acknowledge the use of cookies, and wait for a clear direction to emerge. You could also read the ICO document on the ‘changes to the rules on using cookies‘ – the first step being to understand what cookies your site uses on and how this might impact on a user’s privacy.
ICO Press Release: ICO advice on new EU cookies law