I feel I must start this post with a disclaimer: “The content of this post is very much my opinion, and although I have done my best to state how I think this will affect real businesses in the real world, it is NOT legal advice, and should not be considered as such.” Next week (May 27th 2012 to be precise) sees another EU law come into force. The law in question is the ” Regulation 6 of the UK Privacy and Electronic Communications Regulations 2003″ or “The Cookie Law”. On the face of it, regulation 6 states that if your site sets cookies on a user’s computer/smartphone/device then you must obtain their permission before you set them. Ow! But before we get too excited, we need to look at what the law it trying to protect against, and the detail of what it says. I believe that the law is trying to ensure that websites which collect personal data to be used for marketing purposes (eg serving targeted adverts), must obtain people’s permission before doing so. But cookies have many uses outside of this, most of which have no privacy issues whatsoever (for example analytics that track web usage anonymously, and do not contain any private data). Although both of these uses fall under the new law, I would hope that the ICO would focus on sites using and abusing the former, rather than those using the latter, and my experience tells me that this will be the case. I recommend that you read ICC UK Cookie guide – by the International Chambers of commers (ICC UK) on the subject. The guide is not long, is clearly written, and I believe gives a good analysis of how the new regulations should be viewed in the real world.
But what do you need to do?
If you are concerned, the first thing to do is to download and digest the guide. Secondly, talk to your web developer (if it’s us, we are happy to chat this through with you) and ask them how cookies are used on your site if at all. I would also make the following suggestions:
- If your site has functionality that requires users to create an account and to log in (eg an e-commerce site), make sure that you require users to agree to your sites terms and conditions when they create an account, and ensure that those terms and conditions contain the consent to collect & store cookies.
- If you use a “re-marketing service” for example Google re-marketing an another form of web advertising targeting visitors either on your site or after they have left it, then you will need to make visitors aware of this, and gain their consent to do so. The ICC Guide gives some fairly clear advice on how to respond if you fall into this category.