The EU Cookie Law has been around since 26th May 2011, and we are still getting clients asking us to explain how it affects them, which is perfectly understandable. Fortunately, this has recently become easier for us to explain: following the numerous updates from the Information Commissioner’s Office (ICO) on how it will enforce the law, we are finally seeing agreement between website developers and the ICO on a plausible solution.
Introduction to the EU Cookie Law
The Cookie Law itself has been a masterclass in red tape and bureaucracy by the European Commission’s Article 29 Working Party. Not only has it caused confusion, but also unnecessary panic.
What is a cookie?
Basic version: A cookie is a file sent from a website to your browser (e.g. Firefox) and stored on your computer. This file is sent back to the website every time you visit.
Technical version: A cookie is a text file that works as an identifier, which is a string of letters and numbers. This file is sent by a web server to a web browser and then stored by the browser. The identifier is then sent back to the server each time the browser requests a web page from the server.
What do they do?
Cookies are used by web servers to identify and track users as they navigate a website. They also identify returning users. There are two types of cookie: persistent cookies and session cookies.
Persistent cookie: stored by the browser and remains valid until its set expiry date (unless deleted by the user before the expiry date).
Session cookie: expires at the end of the user session, or when the web browser is closed.
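The session/persistent distinction can be read directly from the Set-Cookie header a server sends. The following is an added example, not part of the original article: the function name classifySetCookie and the sample headers are constructed for illustration, and it goes slightly beyond the text by also flagging cookies whose expiry is already in the past (which the browser removes).

```javascript
// Classify a Set-Cookie response header as a session or persistent cookie.
// A cookie with neither Expires nor Max-Age is a session cookie.
// When both attributes are present, Max-Age takes precedence over Expires.
// classifySetCookie is a hypothetical helper name, not a library API.
function classifySetCookie(header, now = new Date()) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);

  let expires = null; // Date from the Expires attribute, if valid
  let maxAge = null;  // integer seconds from the Max-Age attribute, if valid
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const value = i === -1 ? '' : attr.slice(i + 1).trim();
    if (key === 'max-age' && /^-?\d+$/.test(value)) {
      maxAge = parseInt(value, 10);
    } else if (key === 'expires') {
      const d = new Date(value);
      if (!Number.isNaN(d.getTime())) expires = d;
    }
  }

  let expiry = null;
  if (maxAge !== null) expiry = new Date(now.getTime() + maxAge * 1000);
  else if (expires !== null) expiry = expires;

  if (expiry === null) return { name, type: 'session', expiresAt: null };
  const expiresAt = expiry.toISOString();
  // An expiry at or before "now" tells the browser to remove the cookie.
  if (expiry.getTime() <= now.getTime()) return { name, type: 'deleted', expiresAt };
  return { name, type: 'persistent', expiresAt };
}

// Constructed sample headers (not captured from a real site).
const sampleHeaders = [
  'sid=abc123; Path=/; HttpOnly',
  'prefs=dark; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/',
  '_visitor=9f2c; Max-Age=31536000; Secure',
  'old=; Max-Age=0',
];

function auditCookies(headers, now = new Date()) {
  return headers.map((h) => classifySetCookie(h, now));
}

console.table(auditCookies(sampleHeaders, new Date('2025-01-01T00:00:00Z')));
```

Running this over the headers your own site returns gives a quick inventory of which cookies persist after the browser closes and for how long.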
The Cookie Law
The Cookie Law is aimed at protecting privacy, and as a result requires websites to notify their visitors that information is being stored on and retrieved from their computer or mobile device.
The belief is that making consumers aware of how information about them is being collected, and then enabling them to choose whether they want to allow that exchange of information, protects their privacy online.
Compliance with the law
Who has to comply?
How to comply
Types of Consent
There are two methods to gain consent: obtained consent and implied consent.
Obtained consent uses methods that force the visitor to either agree or disagree with cookies, either when the visitor lands on any web page or before the visitor can see any content. This is very unpopular and is now widely understood as over-the-top.
What if my website doesn’t comply?
The ICO is keen to avoid prosecution and tends to advise on compliance before prosecuting. In the majority of cases the ICO will only look into websites that have been reported.
In the first instance the ICO is most likely to contact you with guidance on how to comply. If you do not act on their advice in a reasonable time, then it is quite likely they will prosecute.
If you would like a more in-depth guide to the Cookie Law, please visit the Information Commissioner’s Office website.