So the countdown is on and on 26th May 2012 all UK websites must offer users opt-in consent tools to allow cookies that pass information about your browsing activities to 3rd parties.
What does this mean for your website?
Well it’s been a very grey area and getting the correct answer as to what will make your site legal or not has been tough.
We still think it’s not entirely clear, but what we do know is that 3rd party cookies must be declared, so if you use the likes of Google analytics, Facebook plugins, Twitter plugins, any analytics programs or anything else out with your site then you need to let your visitor know what you are using.
Then you need to offer them the option to accept these or reject them.
This is going to bring a whole host of issues and the following will explain the process of what could happen.
The user arrives at your site and is presented with a message, possibly at the top of the screen like this site
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
so you have two options here.
- Do Nothing or
- Click Accept
So choosing option A will stop any 3rd party cookies running, this means if you use analytics for example to track users, this won’t work and the figures will be skewed essentially meaning you won’t have that valuable data you rely on to make decisions about your website.
Choosing B, well this will let things happen in the normal way, but you will notice that people can select cookies for individual elements, so they may say yes to Facebook, but no to analytics.
The consequences could be high.
The Information Commissioners Office (ICO) is the body responsible for enforcing the UK law, with powers to fine website owners up to £500,000 for serious breaches in the law.
I think the next year is going to prove very interesting to see how the larger ecommerce sites battle this.
There are companies out there offering solutions to make your site compliant, but that’s only one element, you could still miss out on that valuable analytics data.
I’d say one of the most important elements in any website is being able to track visitors and what they do while on your site. Fortunately Adeo have integrated an analytics platform that doesn’t include 3rd party cookies and this means we don’t have to ask for permission, so our own analytics won’t be skewed.
If you would like any more info, feel free to contact us as we will be integrating this in to our CMS and Ecommerce platforms.
I’m not familiar with Adeo, but just in case you use first party cookies for analytics, you should be aware that, strictly speaking, they need consent too.
The regulations don’t actually differentiate between 1st and 3rd party cookies. The key distinction in terms of whether consent is required is between “essential” and “non-essential” cookies.
That said, there is a widespread expectation that the ICO may take a more relaxed approach to analytics cookies. I’d say there’s a small risk in not testing for consent before dropping analytics cookies.
Hi Mark
Thanks for the reply, the analytics we are looking to use should be based on a user’s session. which will be essential for them to make purchases through the ecommerce platform.
It will be interesting to see how things develop over the coming months.
I recently wrote an article “Is Anybody Compliant With the EU Cookie Law Yet?”, which you can find here: http://www.cookiecert.com/news/cookie-law-compliance-status-feb-2012.php
As you say it is very hard to know for many sites what to do right now, with the law being so short on actual implementation guidance.
Our cookie database is a good resource to begin to see what cookies are being created on sites, how many and what type.