Here’s some clarification for website owners on the new EU law – the EU privacy directive on cookies:
What it is:
“The new law is an amendment to the EU’s Privacy and Electronic Communications Directive and will require UK businesses and other organisations to obtain consent from visitors to their websites in order to store and retrieve usage information from users’ computers.”
When Is It Law?
What you need to do
When You Could Get In Trouble
Information Commissioner Christopher Graham announced UK companies will be given up to 1 YEAR to “get their house in order” before the new EU cookie law is enforced by the UK. That is 25 May 2012.
“I have said all along that the new EU rules on cookies are challenging,” Mr Graham said. “It would obviously ruin some users’ browsing experience if they needed to negotiate endless pop ups – and I am not saying that businesses have to go down that road. Equally, I have to remember that this law has been brought in to give consumers more choice about what companies know about them. That’s why I’m taking a common sense approach that takes both views into account. So we’re giving businesses and organisations up to one year to get their house in order. This does not let everyone off the hook. Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.”
UK companies could face a fine of up to £500,000 if they don’t comply with the new EU Privacy Rules. They are obviously taking this a lot more seriously (it seems) than accessibility or company act directives of the past.
Communications MP Ed Vaizey added:
“This Europe-wide legislation will ultimately help improve the control that individuals have over their personal data and help ensure they can use the internet with confidence. But it will take time for workable technical solutions to be developed, evaluated and rolled out, so we have decided that a ‘phased in’ approach is right.”
I saw this comment as well from Yahoo news – I am not sure how accurate this is – I am still learning about this too.
Just a quick clarification for some of you confused. This covers all cookies that keep hold of user specific data, from tracking customer page views to remembering login details. Explicit consent does NOT need to be done on a per visit basis and for those of you who require logins or registrations it should be fairly easy to work round. This law does not cover things like shopping baskets etc.
This is the official message that is on the ICO website (who should know what they are doing) – and they do it through a pretty unobtrusive header message:
…the ICO also go on to say about the EU law on cookies:
Organisations have 12 months to make sure they comply with the new rules (EU Privacy Directive On Cookies). In that time we expect websites to be looking at the cookies they use and where necessary putting in place steps to get your consent. If a website does not appear to be taking steps to comply with the new rules and we receive a complaint during this 12 month period we will provide advice to the organisation concerned on the requirements of the law and how they might comply. Where we think it is appropriate we will also ask organisations to explain the steps they are taking to ensure that they will be in a position to comply by May 2012. We will continue to consider complaints about organisations that are not providing information about the cookies they use because this has been a requirement for several years. From May 2012 we will expect websites to be complying with the law and will deal with complaints about sites that are not complying in line with our normal procedures.
Why the 12 months’ grace for UK businesses? Well, it’s practically unworkable for a lot of sites at this time. The ICO will obviously lead the way and is an example of what you can expect, but even they have run into problems:
Our priority has been complying with the law from 26 May. The biggest change is that we are providing users with a choice to accept cookies from our site before they are set. We ask this question only of users who haven’t disabled cookies at the time they arrive at our site, or where we can’t tell if they’ve disabled them or not. We are setting our analytics cookies only when a user provides their consent. Currently our website contains one cookie that we do not use, but is essential for part of the site to operate. At present we have left this in place across the site, as we’re unable to remove it from one part of the site without affecting another. This session cookie is set on a user’s arrival to the site – at which time they’re informed that the cookie has been set – and is deleted when a user leaves the site. We are continuing to look at ways to provide users with choices about this and all the cookies we use on our site. Finally, we have updated our privacy notice to provide more information about the cookies we use, as well as directing users to detailed information about how to delete and manage cookies.
Google Analytics FYI
I found this info quite interesting:
The impact on Google Analytics users – Google Analytics uses 1st party cookies to anonymously and in aggregate report on visits to your website. This is very much at the opposite end of the spectrum to who this law is targeting. For Google Analytics users, complying with the ToS (and not using the other techniques described above), there is no great issue here – you already respect your visitors’ privacy…!
Though there is clearly some confusion about that interpretation as the question of whether or not GA is essential to the working of your website is probably going to be debated – and – I guess things will become clearer as the year goes on. Affiliate marketers are in for a torrid time at any rate.
I’ll update this page with more later…..:)
Royalty Free Cartoons credit where credit is due.