On 26 May 2012 the ‘Cookie law’, also known as Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR), finally comes into force across the UK and the rest of Europe.
In reality, how does this affect you?
Until now, European law has required that visitors to websites are given the opportunity to opt out of cookies; this will change to an opt-in, or consent-based, system.
In essence a cookie is a small text file stored on your computer by your web browser. It often contains non-identifiable information which allows a website to function more effectively. For example, remembering the menu option you selected on the site. A more intelligent cookie may store your username so that it ‘remembers’ you when you visit again — these are used extensively. Finally, there are cookies that are considered trackers — heavily used by advertisers to track your movements around a site and deliver targeted adverts in the current session, or at a future date.
All cookies are easily deleted; in most modern browsers you can do this manually or automatically when you close down the browser.
However, the European Union thinks we need more protection, so from 26 May 2012 any website employing cookies must seek your consent to do so. As is often the case, the wording of the law is very vague and somewhat confusing. Even when we reach the fated date there is still no big stick approach to enforcement as long as you are seen to be making progress — bizarre considering we have already had a year-long extension to the law in the UK (it became EU law on 26 May 2011).
The basic requirements of the law are:
A visitor to a website
- is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information;
and
- has given consent.
Therefore, you must tell visitors why you use cookies, what you store, and they must agree to it.
One exception, although vague, is the use of a cookie as “essential to provide the service requested by the user” — this is generally interpreted as a cookie used solely for the purpose of facilitating on-line shopping transactions and such services.
The other vague area is the use of cookies by third-party services on your site for the purposes of web analytics; it is generally considered that the onus of consent is with the third party, however the visitor should be made aware of these cookies being used. Such cookies must not contain personally identifiable information. A common example would be Google Analytics, used by many websites to gather statistics on user movement throughout a site.
The Information Commissioner's Office (ICO) in the UK provides ICO guidance on the regulation; however, this is very non-prescriptive and almost useless.
Thankfully the International Chamber of Commerce (ICC) in the UK have produced a much more comprehensive ICC UK Cookie guide.
Of course, 26 May 2012 will come and go and many sites, including the UK government, will not be compliant!
-
http://twitter.com/WolfSoftware Wolf Software
-
Mark Crossley
