Today is D-Day, the war on cookies officially begins and new EU laws are now implemented in the UK.
Amendments to the UK Privacy and Electronic Communications Regulations, which implement the EU Privacy and Electronic Communications Directive now require business websites to request explicit consent from users to accept cookies.
Let’s start at the beginning.
What is a cookie?
As much as I would love to report that a cookie is a delicious, crumbly biscuit or the fortune cookie in the picture, unfortunately these cookies are not. A cookie is a small file that a website drops onto a users computer (or any other machine used to browse the internet).
Now don’t panic!
The majority of times, these small files are there to enhance the websites user’s experience – for example:
- storing your logins,
- loading images,
- remembering your payment information when you shop online.
Of course, there are those who use malicious cookies and let’s be honest here, they’re not the type of websites that will even try to comply with any laws, even if they are based in the EU where the laws are enforced.
You can learn more about cookies and their uses at http://www.allaboutcookies.org/
Most web browsers (The computer program you use to see the internet – Internet Explorer, Firefox, Chrome, Safari etc.) will allow you to turn off the option to accept cookies. The problem then arises – many websites will not work efficiently without them.
Additionally, not everyone browses the web from a computer these days.
The UK Government’s view is that this ability to turn off cookies combined with your website terms and conditions is not enough to imply consent to accepting cookies from a website.
What we are basically dealing with now is your business website must specifically request permission from a user to allow cookies.
The Information Commissioner, Christopher Graham says he understands the issues.
I have said all along that the new EU rules on cookies are challenging,” Mr Graham said. “It would obviously ruin some users’ browsing experience if they needed to negotiate endless pop ups – and I am not saying that businesses have to go down that road. Equally, I have to remember that this law has been brought in to give consumers more choice about what companies know about them. That’s why I’m taking a common sense approach that takes both views into account. So we’re giving businesses and organisations up to one year to get their house in order. This does not let everyone off the hook. Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.
Yet, hop on over to the ICO’s website, they too can not implement this policy and still have a working website for those who opt out. Their website implements the new law with a small pop up at the top. It’s too late, the cookie has been set without permission!
We still have a year to comply. Hopefully in that time there will be cost effective technological advances that allow businesses to give their website users the option not to accept cookies without a plethora of pop-ups and yet still have a working website.
The whole thing is privacy gone mad. The Internet has moved on, plain static business card websites that do nothing but sit there are out of date. To take advantage of the power of the internet, cookies are responsible
- If you have any form of advertising on your website – cookies again
- Analytics and tracking? – yup more cookies
- Do people log in to your website – cookies…
- You have a shopping cart or accept payments online – damn, more cookies
- Pop ups to opt in to your mailing list – you guessed it – cookies
That is just the tip of the iceberg…
While the ICO states they will not be taking any enforcement action until this time next year, businesses with websites are now left in the unenviable position of trying to implement a law that has no current solution and with very little guidance.
What do you need to be doing from today?
Get to know your business website cookies – what are you using, why and are they actually needed?
For more information on the new rules:
ICO News release (PDF)