UK Cookie Law

July 25, 2012 by Mike

The new cookie law that came into force on 26th May 2012 means that you are required to get consent from the user of your website before you can store cookies.

Wow. That's a big ask. Unless you have been sleeping under a rock for the last few months, you will be aware of the changes to the law on the use of cookies on websites. The change requires that, in some manner or form, a visitor to your website agrees to you storing cookies on that visitor's device.

The change in the cookie law is part of EU-wide legislation and the UK is the first country to have applied the changes. As you can imagine, the logistics of the law make it very difficult to police, and the Information Commissioner's Office itself openly declares that it is not chasing anyone to fine them (see the ICO link below).

How did the cookie law work before this change?

Interestingly, and you may be surprised to learn this, there was already a cookie law in place before this change. The previous version required you to tell your users or site visitors that you were storing cookies. This is really interesting because you only have to look around to find any number of sites out there that have no privacy policy at all - so even before this change in legislation a good number of websites were not complying.

How is the new cookie law being implemented?

We have seen the cookie law implemented in a number of ways. You will notice it mainly on corporate sites, and it generally involves a pop-up of some sort to get the website visitor or user to 'opt in' to the use of cookies. These are generally invasive and ugly (none more so than the ICO version itself at www.ico.gov.uk) and vary in complexity.

The BBC solution only appears the first time you visit the BBC site (or at least until you clear your browser cache). There are now alternatives on other sites where you do not have to opt out; instead, the notice directs you to a page that details how you can disable cookies.

It is interesting to note how important it is that people accept cookies if you want to maintain the usability of your site. All leonmedia websites have Google Analytics installed by default, and Google Analytics stores the user's movement by - you've guessed it - using a cookie.

Disabling the use of Google Analytics is bizarre, but no more bizarre than the fact that if you have an embedded YouTube video, YouTube will drop a cookie by default and there is nothing you can do about this. Think about this for a second and then take a visit to the ICO link below and watch the YouTube video on their site.

What should be your plans for compliance?

For the sake of argument, our solution to this problem (and we like to think it is not too invasive) checks to see if the user or website visitor has been to your site before. If they haven't, they get a message saying that you intend to use cookies, with a link to a page detailing how to disable the cookies if the user doesn't want them.

We think this is a really simple approach, and the next time the user visits the site the message will not appear a second time.
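
The first-visit check described above, sketched as an added example (not leonmedia's own code). The cookie name `cookie_notice_seen`, its one-year lifetime, the element id and the `/cookies` page path are assumptions.

```javascript
// Added example. NOTICE_COOKIE, ONE_YEAR, "cookie-notice" and "/cookies" are assumed names.
const NOTICE_COOKIE = "cookie_notice_seen"; // hypothetical marker cookie
const ONE_YEAR = 60 * 60 * 24 * 365;        // assumed lifetime, in seconds

// Parse a document.cookie-style string ("a=1; b=2") into a plain object.
function parseCookies(cookieString) {
  const jar = Object.create(null);
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;                // skip malformed fragments
    const name = part.slice(0, eq).trim();
    if (name) jar[name] = part.slice(eq + 1).trim();
  }
  return jar;
}

// "First visit" means the marker is absent, which is also the case
// after the visitor clears their cookies.
function shouldShowNotice(cookieString) {
  return parseCookies(cookieString)[NOTICE_COOKIE] !== "1";
}

// The marker holds a constant, not an identifier, so it cannot be used
// to tell one visitor from another. Secure is added only on HTTPS pages.
function noticeSeenCookie(isHttps) {
  const attrs = [`${NOTICE_COOKIE}=1`, `Max-Age=${ONE_YEAR}`, "Path=/", "SameSite=Lax"];
  if (isHttps) attrs.push("Secure");
  return attrs.join("; ");
}

// Browser wiring: run once the page body exists. Skipped where there is no DOM.
if (typeof document !== "undefined" && document.body && shouldShowNotice(document.cookie)) {
  const bar = document.createElement("div");
  bar.id = "cookie-notice";
  bar.textContent = "This site uses cookies. ";
  const link = document.createElement("a");
  link.href = "/cookies";                   // hypothetical "how to disable cookies" page
  link.textContent = "How to disable them";
  bar.appendChild(link);
  document.body.appendChild(bar);
  // Record that the notice has been shown so it does not appear again.
  document.cookie = noticeSeenCookie(location.protocol === "https:");
}
```

Note that the marker is itself a cookie, so a visitor who blocks cookies entirely will see the notice on every visit.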

Anything else I should be aware of?

We have found a couple of links that might be of interest if you want to read further:
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent