A new UK law governing cookies will be enforced by the government from May 26th 2012. It has already been law for a year.
The new cookie legislation has implications for your website, your use of Google Analytics, and possibly your approach to email marketing.
This article explains everything you need to know. And, more importantly, clearly sets out what you need to do to comply.
What you need to do now to ensure compliance:
What are web cookies?
Web cookies are used by websites and emails to identify a user. They make it possible for a site to remember the person’s preferences and the contents of their shopping cart when they come back. Cookies are also used by web analytics systems like Google Analytics, which uses them to measure visits from different sources and track a user’s progress through a website. Analytics data, made possible by cookies, provides vital marketing intelligence that no online business would want to lose!
What you need to know:
The UK government has also failed to provide clear leadership on the new regulation – with no practical guidance available to concerned businesses operating e-commerce websites.
If your business operates a website then Digivate recommends taking legal advice on your position – just as a precaution, we do not believe there is any cause for concern.
It is still unclear precisely what the technical requirements will be – The Department for Culture, Media & Sport has responsibility and they have yet to decide how to implement the new regulations. The last update from them “confirms there will be no immediate changes to how UK websites operate.”
However, it is understood that eventually websites will basically be required to:
1. Be clear and comprehensive about what they are doing with people’s information and
2. Gain the user’s consent – giving them an opportunity to refuse (precisely how is yet to be decided).
It seems likely to us that either the user’s browser settings will be taken as consent, or that existing privacy policies will just need another paragraph added about cookies.
For Google Analytics purposes, no doubt Google will provide some sort of leadership eventually, and there should be lots of government information about what is required of EU businesses if any significant actions are required on their part. So far Google has been very quite on the subject and we believe that is because there is as yet insufficient information for anybody to determine exactly what will be required by law.
In the UK, the ICO will regulate and enforce the legislation. Here is their page on the subject:
The ICO has not yet indicated if email open tracking is governed by the new law, but we advise working on the assumption that it will be.
The ICO have implemented a strange, rather extreme solution to complying with the new cookie legislation on their own website:
We think the ICO implementation is extremely bad for the user experience and is sure to fail. More importantly, it is likely to cause serious concern for online businesses. Imagine if you had to tick a box and click “continue” every time you visited a new website!
More advice about cookie law compliance from Econsultancy:
Official advice remains extremely sketchy – seemingly because, as yet, no firm decisions have been made about how implementation should work within the UK, or when measures must be implemented.
However, it seems likely that only minimal action will be required. In particular, we believe it to be highly unlikely that an explicit ICO-style opt-in will be required. Especially in the current European economic climate. That would damage the EU’s ability to compete globally. Even in the event that technical on-site changes are required, clearly it will take time for every website to implement the changes. I would be amazed if the UK government would be so unreasonable as to expect immediate implementation, even after they have provided firm guidance.
What you need to do now:
Mainly you need to explain:
- What information you collect
- How you collect it
- Why you collect it – and how you use it.
It may also be beneficial to include a paragraph explicitly telling visitors not to use the website if they are not 100% happy with all your policies.
4. Follow us on Twitter for the latest advice: http://twitter.com/digivate