I am not a legally qualified person, so can’t advise you how to comply with the new UK cookie law that is effective from 26th May 2012. However, Return On Digital and Berg joined forces for a great short webinar explaining the new regulations. Here’s a replay of the cookie law webinar with my notes below for those who prefer to read rather than watch.
UK Cookie Law Webinar
Overview of the UK Cookie Law Webinar
Types of cookies
- Advertising and targeting e.g. behavioural advertising
- Functionality e.g. Language preference
- Performance e.g. Analytics
- Strictly necessary e.g. Shopping carts
Strictly necessary cookies have a quite narrow definition; most websites will have a mixture of several types.
There’s lots of discussion about the meaning of “consent”; it isn’t a straightforward concept. The Information Commissioner’s Office (ICO) states that:
- consent must be freely given
- consent cannot be inferred
- where possible, consent should be obtained before cookies are downloaded onto users’ computers
- where this isn’t possible, the time between setting a cookie and obtaining consent should be as short as possible.
Consent must involve some communication where an individual knowingly indicates their acceptance.
The UK cookie law was introduced in May 2011. The ICO granted website owners a year’s grace before enforcing the new cookie law – the deadline for implementation is 26th May 2012.
Regulation 6 sets out the requirement to give notice and obtain consent. The ICO expects businesses to have taken steps to comply with the new UK cookie law before the deadline. After the deadline, they can use a range of regulatory powers if the regulations are breached such as:
- Enforcement notices set out steps that must be taken to comply with the regs. Failure to comply is a criminal offense.
- Information notices are written notices that require website owners to provide information to the ICO. Again, failure to comply is a criminal offense.
- Fines up to £500,000
The ICO does not expect websites to stop using cookies altogether. The challenge is to find a solution that gains consent without annoying users or scaring them away from your website. It is unlikely that breaches of the regulations will result in fines.
The ICO may consider action against website owners who refuse to make any effort to comply, or are using intrusive cookies without providing any information.
Perform a cookie audit to identify and review the types of cookies used on the website and how intrusive they are. You need to know this to decide what information to give your visitors and choose the appropriate method of obtaining consent.
Use a browser extension such as the View Cookies plugin for Firefox. It records and displays cookies as you navigate around a website. There are also a number of organisations that provide cookie auditing services.
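As an added example (not from the webinar or the original post), here is one way to turn the Set-Cookie headers recorded during an audit into a table showing who sets each cookie, how long it lives and which of the four types it falls under. The site name, the cookie names and values, and the name-to-type mapping are all constructed assumptions.

```javascript
// Constructed sample: Set-Cookie headers noted while browsing a hypothetical site.
const SITE = "shop.example";
const RECORDED = [
  { from: "www.shop.example", header: "basket=abc123; Path=/; HttpOnly" },
  { from: "www.shop.example", header: "lang=en-GB; Max-Age=31536000; Path=/" },
  { from: "www.shop.example", header: "__utma=1.2.3; Domain=.shop.example; Expires=Mon, 26 May 2014 00:00:00 GMT" },
  { from: "ads.tracker.example", header: "uid=9f8e; Domain=.tracker.example; Max-Age=15552000" },
  { from: "www.shop.example", header: "ab_test=B; Max-Age=2592000" },
];
// Assumed, hand-maintained mapping of cookie names to the four types listed above.
const CATEGORY = { basket: "strictly necessary", lang: "functionality",
  __utma: "performance", uid: "advertising and targeting" };

// Parse one Set-Cookie header into its name and the attributes the audit needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), domain: null, maxAge: null, expires: null };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "domain") cookie.domain = val.replace(/^\./, "").toLowerCase();
    if (key === "max-age" && /^-?\d+$/.test(val)) cookie.maxAge = parseInt(val, 10);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) cookie.expires = Date.parse(val);
  }
  return cookie;
}

// Build one audit row per cookie: who sets it, how long it lives, which type it is.
function auditCookies(recorded, site, categories, now = Date.now()) {
  return recorded.map(({ from, header }) => {
    const c = parseSetCookie(header);
    const domain = c.domain || from; // no Domain attribute: cookie belongs to the sending host
    // Max-Age takes precedence over Expires; neither means a session cookie.
    const ms = c.maxAge !== null ? c.maxAge * 1000 : c.expires !== null ? c.expires - now : 0;
    return {
      name: c.name,
      domain,
      party: domain === site || domain.endsWith("." + site) ? "first" : "third",
      persistent: ms > 0,
      lifetimeDays: Math.max(0, Math.round(ms / 86400000)),
      category: categories[c.name] || "UNCLASSIFIED", // not yet reviewed by the auditor
    };
  });
}
// Audit date fixed so the constructed Expires value above lies in the future.
console.table(auditCookies(RECORDED, SITE, CATEGORY, Date.parse("2012-05-26T00:00:00Z")));
```

Rows marked UNCLASSIFIED are the ones still to be reviewed by hand, and long-lived third-party rows are the ones to look at first when judging how intrusive a cookie is.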
Give users information on cookies on your website. It needs to be enough so that users clearly understand the potential consequences of agreeing to allow cookies.
- How cookies work
- The types of cookies used on your website
- The purpose of the cookies
- What information cookies store
- How to withdraw consent
It can be in a written cookies policy, but it does need to be brought to users’ attention.
The ICO is not prepared to endorse any specific consent solution. Its advice to businesses is to adapt their consent solution to the type of cookie used.
The Department of Culture, Media and Sport is working with the major browser providers to develop a solution using browser settings. Most browsers are not sophisticated enough to do this and even if they were, there is no way of knowing if a user has the most up-to-date browser. For now, alternative methods should be used. These include:
- Pop up boxes – these can be very intrusive, but there is greater certainty that users have read the information about cookies and given their consent
- Header bars – similar to pop up boxes but not as intrusive
- Side tabs – a small widget/pop up bar not as intrusive – e.g. Cookie Control
Full compliance puts another hurdle in front of website users. You want as few clicks as possible between landing and conversion – picking up the phone, sending a request, buying etc. You can still test how to best request cookie consent in a way that is both legal and conversion friendly. Usertesting.com
It’s irrelevant how and where a user lands on your site. For example, a landing page (not your home page) designed to sell a particular product will still need to comply with the cookie law.
How will you be complying with the new UK cookie law on your website? Leave your thoughts below.
UK Cookie Law - How To Comply (video) by Jan Kearney