Do you know a cookie from a cookie?

The E-Privacy Directive, is a law that applies to how website owners can use cookies to store user information. This ruling was passed last year 26 May 2011 with the movement that all websites must comply by 26 May 2012.

The law means website owners will need to gain “explicit” consent from their users if they are to store visitor usage information and will need to provide “clear and comprehensive” information about why they are storing cookies.

So, what is a cookie?

Cookies are text files that store user information from web browsers. Cookies enable passwords to login areas to be stored, provide detail about users’ shopping behaviour, to personalise the browsing experience and show more relevant content and for tracking browsing behaviour.

What consent options are there?

Browsers have not yet been modified to the new law to assume that users have provided consent for cookies, thus the responsibility is on the website owner. However, the government is currently working with major browser programmers to create future solutions.

  • Pop-ups-Although pop-ups can potentially clutter the user experience, they are one of the easiest options available to make users aware and ask for consent.
  • Sign-up terms and conditions–When registering with a site users can be asked to provide consent for the ways in which the website wishes to function. However, website owners would also need to alert their current user base who have already registered. This could be a message to view modified terms and conditions.
  • Functional uses–Cookies are often used in the background of websites and are activated without the user consent to track their behaviours and browsing habits. A solution to this use of cookies could be to place terms and conditions in explicit areas of the site, whether in the header and footer of the page or a separate page dedicated to relevant information.
  • Settings-led consent–There are some websites, which enable users to personalise their experience in terms of layout, colour scheme, language etc. In these cases websites can create real-time opt-ins to save preferences with cookies.
  • Feature-led consent–This is similar to before however cookies would be stored when a website recalls feature-led preferences saved by the user, such as the personalisation of content or the position of media a user has viewed a video to. At the time these preferences are selected, users can be alerted that cookies will be activated.
  • Tracking icons–There have been moves by large advertisers, including AOL and Google, to produce recognisable icons on any advertisements using tracking technology as a means of identifying that cookies may be being used.
  • Third party cookies-If a website displays advertising, this third party may take cookies from users. The ICO admits the process to get consent in this instance is complex and it is currently working with the industry and European data authorities to assist in addressing concerns (Marketing Week 2011).

AVG the Anti-virus software company have created an application that embeds itself with Google Chrome, and some other browsers, to alert users of website features that may be tracking them for data. It also provides the option to deactivate and remove them from the site. http://www.avg.com/gb-en/do-not-track

What are the repercussions if companies don’t comply?

There is a lot of confusion neighbouring the new Directive a long with the complexity of technology required to ensure websites are compliant meant that the law was not to be enforced for one year (May 2011 – May 2012).

The UK government says there will be “no overnight changes” and the ICO (Information Commissioners Office) says it will give business and organisations up to one year to “get their house in order”. Failure to take any action before 26 May 2012 could result in a substantial fine.

If you would like to learn more about how this may affect you, download this PDF from the ICO – Click Here

EDGE team member

ABOUT THE AUTHOR

EDGECreative