New EU Cookie Law

Regulations governing the use of cookies on websites were made law on 26/05/2011. The Information Commissioner has provided a 12-month lead-in period to allow businesses time to prepare, meaning that the regulations come into force on 26/05/2012.

We’d recommend having a quick audit of your site to assess the use of cookies. Our audit will provide you with a report to give you a clear picture of how closely your site adheres to the new law, and a cost to implement the correct method for asking visitors’ permission to use cookies. WDL’s cookie audits are a fixed price of £100+VAT for any size of site, and there’s no obligation to have the recommended work completed.

Please contact us at hello@websitedesign.co.uk to find out how to make your site compliant.

New Law Summary

In summary, the new regulations state that websites that use cookies may be required to gain consent from their users to place cookies.

Those setting cookies must:

•    tell people that the cookies are there
•    explain what the cookies are doing
•    obtain their consent to store a cookie on their device

There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is:

(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

‘Strictly Necessary’ applies when a cookie is required to provide a service. A cookie used to implement a shopping cart would probably be considered strictly necessary, but a cookie tracking an affiliate, or collecting statistics (e.g. Google Analytics) would not be.

Responsibilities

The responsibility for ensuring compliance with the regulations lies with the operator of the website. Website operators should consider the following steps:

•    Check what cookies are being used on a site and how they are being used (audit)
•    Assess how intrusive the use of these cookies is
•    Decide what solution for obtaining consent is appropriate

Operators must also provide clear information about the use of cookies on their sites, not just as part of a privacy policy. A mechanism for getting user consent for cookies should be put in place if necessary, and depending on the nature of the site could include:

•    popups, splash pages, overlays, header / footer bars
•    terms and conditions, which have to be accepted to use a site
•    settings (e.g. on a forum or membership site)

Enforcement

Enforcement of compliance starts on 26th May 2012, and is policed by the Information Commissioner, who has 4 main options for enforcement:

  1. Information notice: this requires organisations to provide the Information Commissioner with specified information within a certain time period.
  2. Undertaking: this commits an organisation to a particular course of action in order to improve its compliance.
  3. Enforcement notice: this compels an organisation to take the action specified in the notice to bring about compliance with the Regulations. For example, a notice may be served to compel an organisation to start gaining consent for cookies. Failure to comply with an enforcement notice can be a criminal offence.
  4. Monetary penalty notice: a monetary penalty notice requires an organisation to pay a monetary penalty of an amount determined by the ICO, up to a maximum of £500,000. This power can be used in the most serious of cases and if specific criteria are met, if any person has seriously contravened the Regulations and if the contravention was of a kind likely to cause substantial damage or substantial distress. In addition the contravention must either have been deliberate or the person must have known or ought to have known that there was a risk that a contravention would occur and failed to take reasonable steps to prevent it.

What Next

We are not lawyers, and can’t provide specific advice about the legal implications of the cookie regulations. We do suggest though that website owners read and understand the implications of the new regulations, and make up their mind about how best to proceed.

We offer cookie audits at £100+VAT, which will include a quote for the work involved in making websites compliant.

Take the first step by contacting us at hello@websitedesign.co.uk

NB: A practical interpretation of the law is provided on the ICO website at http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx – you may want to look at the pdf on the first link in the first paragraph for more information.

 

Emily

Once upon a time, in a faraway land (Portsmouth), Emily graduated in English Language in 1999 - the year made famous by Prince. In her varied career she has since scaled dizzy heights writing and editing web content, designing and creating web imagery and managing projects with design and development agencies. More recently she had children so didn’t work for a bit. She’s back now though…
