Cookies Audit
In May 2011 a new law came into effect that requires all websites to get consent from the user before using cookies. The Information Commissioner’s Office (ICO) has issued guidelines (PDF) outlining the following initial steps you should take:
- Check what type of cookies you use and how you use them
- Assess how intrusive your use of these cookies is
- Decide what solution to obtain consent will be best in your circumstances
Alberon can conduct a cookies audit on your behalf, in which we will determine:
- What cookies are being used on your website
- What they’re being used for
- Whether there are any privacy implications
- Whether they are exempt from prior consent under the “strictly necessary” clause
If necessary, we will suggest changes to be made to your website. This will sometimes mean adding a notice to a page (e.g. a login form) before cookies are used, but in some cases more complex technical changes will be required – e.g. to alter the software to delay setting a cookie until after the user has given consent. We will give you an estimated cost for any changes.
Where cookies are non-intrusive, the ICO has said it is unlikely to take formal action for non-compliance (as long as you can give a specific explanation of why you are not yet compliant and have a clear timeline for compliance), so we will also help you to decide which changes you need to implement at this stage.
Finally, we will make sure your privacy policy (or cookies policy) is up to date and includes clear and comprehensive information about the cookies you are using. (This has been a legal requirement since 2003.)
Background information
What are cookies?
Cookies are used by websites to remember information about you. The most common uses of them are:
- To remember what you’ve added to your shopping basket
- To remember who is logged into the website
- To monitor how you use a website
What does the new law say?
You must now get explicit consent from the user before you may use cookies – simply having a privacy policy is no longer good enough.
In addition, you must ensure that the user understands exactly what they are agreeing to by giving them clear information about what cookies are and how you use them.
Why was this law passed?
The aim of the law is to make people more aware of the privacy implications of cookies, to give users an informed choice, and to prevent websites tracking users without their knowledge.
Who does the law affect?
This law affects all websites that use cookies for any reason. Since almost all websites use cookies in some way, this probably includes you!
Even if you have a simple, static website but you use Google Analytics it affects you, since Google Analytics uses cookies. The law makes it your responsibility (not just Google’s) to comply.
How long do we have to comply with it?
The ICO has given us until May 2012 before they will start enforcing the law.
However, they have made it clear that they expect to see progress being made well before then because it could take some months to achieve compliance – so you should act now.
What will happen if you don’t?
The maximum penalty for not complying with the law is £500,000 for a serious breach, but that would only be given in extreme cases.
The ICO has made it clear that their response to any complaint will be proportional to (1) how intrusive the cookies are, and (2) how much effort you have made towards complying with the law.
In other words, they will probably go after the biggest and worst offenders first, but if they receive a complaint about your website you must be able to show that you haven’t ignored the new law completely!
If you want help complying with the cookie law, call us on 01865 794009 or email us.