On 26 May 2012 the ‘Cookie law’ finally comes into force across the UK, and the rest of Europe; also known as Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR).
In reality how does this impact on you?
Until now European law has required that visitors to websites are given the opportunity to opt-out of cookies, however this will change to an opt-in or consent based system.
In essence a cookie is a small text file stored on your computer by your web browser. It often contains non-identifiyable information which allows a website to function more effectively. For example, remembering the menu option you selected on the site. A more intelligent cookie may store your username so that it ‘remembers’ you when you visit again — these are used extensively. Finally, there are cookies that are considered trackers — heavily used by advertisers to track your movements around a site and deliver targeted adverts in the current session, or at a future date.
All cookies are easily deleted; in most modern browsers you can do this manually or automatically when you close down the browser.
However the European Union thinks we need more protection so from 26 May 2012 any website employing cookies must seek your consent to do so. As is often the case, the word of the law is very vague and somewhat confusing. Even when we reach the fated date there is still no big stick approach to enforcement as long as you are seen to be making progress — bizarre considering we have already had a year-long extension to the law in the UK (It became EU law 26 May 2011)
The basic law requirements are:
A Visitor to a website
- is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information;
- has given consent.
One exception, although vague, is the use of a cookie as “essential to provide the service requested by the user” — this is generally interpreted as a cookie used solely for the purpose of facilitating on-line shopping transactions and such services.
The Information Commission Office (ICO) in the UK provide ICO guidance on the regulation however this is very non-prescriptive and almost useless.
Of course, the 26 May 2012 will come and go and many sites, including the UK government, will not be compliant!