May 26 Deadline – Cookie Law Munches its Way into Legislation
Cookies – HTTP, Web and Browser
I KNOW which will be more exciting to read about, alas however in this blog I must focus on the latter (I hope the picture makes up for this somewhat!)
What are they?
On May 26th a new cookie directive law will be baking its way into internet legislation. A cookie is a piece of data, a small text file, placed by a website onto a users computer. Cookies are designed as a form of online memory, remembering actions taken by a browser in the past; sound like gobbledegook? On my web developers third and slightly desperate attempt to educate me on cookies the lightbulb finally clicked on when he informed me that if cookies are enabled, effectively your browser is remembering your actions on the web.
Example: Ever been looking for new clothes on ASOS or Topshop, come online a while later to say, listen to a radio station or check your email and seen ASOS or Topshop adverts on the radio station or email website? That’s cookies as I understand them. They store data to provide you with a better, more relevant user experience.
They’re not out to get you!
The new law
Cookies are rarely used to store identifying information about a user, it’s their browsing habits they are interested in. The EU however on May 26 will be enforcing a new law that means every website in the UK will be required to a) inform users that their actions are being tracked by cookies and b) ask for their consent.
The deadline for people to take action on the new law is May 26 (we were given a year to implement changes). After that date, websites that don’t comply could be fined up to £500,000. There is no clear cut process about what steps website owners should take and there is still a lot of confusion around the issue. An article from 123-reg (view here) reports that:
“The new rules require websites to get permission from visitors before placing any cookies on their computer. Permission must be informed and overt, which means you have to ask visitors outright if you can put cookies on their computer, and explain clearly what the cookies are used for. You can’t bury the information in your website’s terms and conditions and leave it at that. The only exceptions to this are cookies deemed essential to providing functions visitors have asked for. But you can’t rely on this to cover many of your cookies. The ICO guidance on the law says that “this exemption is a narrow one”. It’s certainly not likely to cover cookies for analytics purposes, which is one of the most common uses of cookies – particularly for smaller websites.”
What to do about it
If you’ve not done anything yet the general consensus is you’re not alone. The ICO added an opt in feature to its website…and saw measured visitors drop, total traffic may not have dropped, just recorded traffic as people had to opt in. View the figures here. Doing nothing may not be best though, 123-reg advocates taking some sort of action.
As a minimum it recommends understanding the cookies that your website uses and putting these in an obvious place on your site, not embedded deep in your terms and conditions. Laying the foundations and figuring out how to create an opt in feature is also advocated. You can find out what cookies your website uses at Bitstorm View Cookies.
Google made press around the globe recently when its new inclusive privacy law was applied across all its products and services. The age old debate as to how much information should be given about our browsing habits generally forms one of two opinions, 1) it doesn’t matter much as privacy is rare these days anyway or 2) it ignites a personal rights issue as we believe we should have control over the information we share.
Another interesting feature I recently came across was a complete browsing history facility. Only viewable by logging into Gmail, mine only extends back to March 2010 – a friend of mine however has a complete history of every Google search he’s ever typed in from 2007. Five years of searching. The two ways I see of looking at this are 1) Google is keeping your search data to use the information for its own gains, knowledge is power or 2) Google is keeping this information and making it accessible to serve a better user experience.
I personally feel that the transparency with which these results are shown indicates the search engines are not reluctant to share this information with us therefore the saving of these searches is for the genuine purpose of providing us with a positive and relevant user experience.
Something to keep in mind certainly, also something people seem to be waiting and seeing with. Not a webmaster myself from an SEO standpoint this blog provides more useful information:
There is also a piece of code you can implement to comply with the law:
My recommendation would be to find out the cookies your site uses and starting to work out an opt in feature if this becomes necessary in the future. An opt out will now not be enough.