In May last year a new law came into effect that requires all websites to get consent from the user before using cookies. In December the Information Commissioner’s Office (ICO) issued further guidance, which you must comply with by May 2012.
What are cookies?
Cookies are used by websites to remember information about you. The most common uses of them are:
- To remember what you’ve added to your shopping basket
- To remember who is logged into the website
- To monitor how you use a website
What does the new law say?
You must now get explicit consent from the user before you may use cookies – simply having a privacy policy is no longer good enough.
In addition, you must ensure that the user understands exactly what they are agreeing to by giving them clear information about what cookies are and how you use them.
Why was this law passed?
The aim of the law is to make people more aware of the privacy implications of cookies, to give users an informed choice, and to prevent websites tracking users without their knowledge.
Who does the law affect?
This law affects all websites that use cookies for any reason. Since almost all websites use cookies in some way, this probably includes you!
Even if you have a simple, static website but you use Google Analytics it affects you, since Google Analytics uses cookies. The law makes it your responsibility (not just Google’s) to comply.
How long do we have to comply with it?
The ICO has given us until May 2012 before they will start enforcing the law.
However, they have made it clear that they expect to see progress being made well before then because it could take some months to achieve compliance – so you should act now.
What do you need to do?
The ICO has laid out clear steps it expects you to go through:
- Conduct an audit to check what cookies your website uses and what they’re used for.
- Assess how intrusive your use of each cookie is to the user’s privacy, so you can prioritise fixing the intrusive ones.
- Implement any necessary technical changes to ensure you have consent to use cookies.
What will happen if you don’t?
The maximum penalty for not complying with the law is £500,000 for a serious breach, but that would only be given in extreme cases.
The ICO has made it clear that their response to any complaint will be proportional to (1) how intrusive the cookies are, and (2) how much effort you have made towards complying with the law.
In other words, they will probably go after the biggest and worst offenders first, but if they receive a complaint about your website you must be able to show that you haven’t ignored the new law completely!
How can Alberon help?
We can carry out a full audit of how your website uses cookies and help you to improve your privacy policy and give more information to users.
We can also implement any technical changes required to reduce or eliminate privacy concerns, and get consent from users before using cookies.
Related links
- ICO half term report on cookies compliance
- ICO updated guidance on the rules on use of cookies (PDF)
If you want help complying with the cookie law, call us on 01865 794009 or email us.
On the 26th of May 2011, a new law came into force in the UK that affects most websites. If cookies are used in a site, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011(UK Regulations) provide that certain information must be given to that site’s visitors and the user must give their consent to the placing of the cookies.
