Cookie law change – what you need to know and are you complying?

Cookies are a hot topic this year. These are text files that help organise and store browsing information.

On the 26th of May 2011, a new law came into force in the UK that affects most websites. If cookies are used in a site, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (UK Regulations) require that certain information be given to the site’s visitors and the user must give their consent to the placing of the cookies.

Technically all firms must comply with the law but the UK has said that it needs more time to find a workable solution. The government is now looking for a “business-friendly” solution and believes in “light-touch” regulation.

What does the new law say?

You must now get explicit consent from the user before you may use cookies – simply having a privacy policy is no longer good enough.

In addition, you must ensure that the user understands exactly what they are agreeing to by giving them clear information about what cookies are and how you use them.

Why was this law passed?

The aim of the law is to make people more aware of the privacy implications of cookies, to give users an informed choice, and to prevent websites tracking users without their knowledge.

Who does the law affect?

This law affects all websites that use cookies for any reason. Since almost all websites use cookies in some way, this probably includes you!

Even if you have a simple, static website but you use Google Analytics it affects you, since Google Analytics uses cookies. The law makes it your responsibility (not just Google’s) to comply.

How long do we have to comply with it?

The ICO has given us until May 2012 before they will start enforcing the law.

However, they have made it clear that they expect to see progress being made well before then because it could take some months to achieve compliance – so you should act now.

What do you need to do?

The ICO has laid out clear steps it expects you to go through:

  1. Conduct an audit to check what cookies your website uses and what they’re used for.
  2. Assess how intrusive your use of each cookie is to the user’s privacy, so you can prioritise fixing the intrusive ones.
  3. Implement any necessary technical changes to ensure you have consent to use cookies.

What will happen if you don’t?

The maximum penalty for not complying with the law is £500,000 for a serious breach, but that would only be given in extreme cases.

The ICO has made it clear that their response to any complaint will be proportional to (1) how intrusive the cookies are, and (2) how much effort you have made towards complying with the law.

In other words, they will probably go after the biggest and worst offenders first, but if they receive a complaint about your website you must be able to show that you haven’t ignored the new law completely!

How can Alberon help?

We can carry out a full audit of how your website uses cookies and help you to improve your privacy policy and give more information to users.

We can also implement any technical changes required to reduce or eliminate privacy concerns, and get consent from users before using cookies.

Related links

If you want help complying with the cookie law, call us on 01865 794009 or email us.

leave a comment

Your email address will not be published. Required fields are marked *.

The Vincent Wildlife Trust The importance of good website copy