EU cookie law - website changes required?
On May 26th 2010, a new EU directive came into force stating that, if you store a cookie on a user's machine then you have to gain their explicit opt-in consent.
What is a cookie?
It's a little fragment of text that we store in the user's browser so that we can track them around the site: whether they are logged in, whether they have a shopping cart, where they've been on the site, how often they visit and that sort of thing. Google Analytics puts a cookie in place, for example, so that you can see where visitors go.
Why do you care?
We may have to alter your website in order to make it comply with the law and sorry, that isn't covered by support: it's a chargeable item. We'll have to look at your site and assess exactly what we need to do on a case by case basis.
Why haven't you told me about this before?
The Information Commissioner's Office (ICO), whose responsibility it is to enforce this, have said that they are not going to go after anyone for non-compliance this year. Next year, however, they may. We have a little time to look at this, but it's coming.
To be blunt: we just didn't think it would become law. It's a bit of a daft idea requiring the alteration of pretty much every single website in the EU for no very clear privacy benefit. Talking with others in the industry, almost everyone is agreed that no-one knows how this is going to play out in real life. As an example, none of these sites are yet compliant: www.number10.gov.uk, www.nhs.uk, www.parliament.uk, www.conservatives.com, www.direct.gov.uk. Right now, what we should do about this is unclear. Even the ICO seem confused as to what people should do to comply. Their own site sets a cookie in order to ask you whether or not it can store cookies!
So: why are you telling me now?
It's better to tell you now, so you know something's coming, than have a nasty surprise next year some time. We'll keep you posted as to how this develops: we're hoping that a best practice will emerge over the next few months so that whatever we do is a one-off amend that doesn't need to be revisited.
Are there any loopholes?
Theoretically there is an exemption for cookies placed in order to make the website work, e.g. shopping carts and logins, but there still has to be explicit consent and the capability to delete the cookies if consent isn't given (or not set them in the first place).
What's the worst that could happen?
Well, it might be like the Disability Discrimination Act and be 'more honoured in the breach than the observance' (i.e. lots of people break the rules, but no-one really gets sued), or it could be actively pursued. At this stage, we just don't know. The fines for breaches are up to £500,000 so we're obliged to take it seriously. Note: our sites are built to comply with DDA legislation.
Where can I find out more?
http://www.ico.gov.uk/news/current_topics/website_changes_pecr.aspx
If you have any other questions, please feel free to ask us for more details. We're happy to help.