Since 26 May 2011, it has been illegal to use web cookies on your website without first seeking permission from users. Emma Allen finds out what this means for your website and how to comply with the rules
To comply with web cookie laws, businesses are required to remove web cookies from their websites completely or to install a method of requesting user consent, such as pop-up windows on a home page.
You must also explain to people how you use web cookies and what data they collect.
So what are cookies and how do they work? “Cookies act as a record of where you have been online, such as which sites and pages you have visited,” says Stuart Mackintosh, managing director of IT consultancy OpusVL.
“By installing a piece of code on to a site user’s computer, they enable websites to remember consumers and their online preferences, such as login details, surfing history and buying habits. Generally, they are beneficial — without them, online shopping would be much harder,” he points out.
According to the Information Commissioner’s Office (ICO), the body responsible for regulating the law, most UK business sites use web cookies in some form or another.
Mackintosh advises website owners to carry out an audit to assess what web cookies are used, what purpose they serve and how intrusive they are.
“Crucially, the law states that consent must only be sought if personal data is being stored about a consumer,” he explains.
“If cookies are used purely to manage the transaction process, by remembering what is in the consumer’s basket, for instance, they are deemed ‘strictly necessary’ and consent is not required.”
The Information Commissioner has produced helpful guidance on cookies which will help you decide whether your cookies qualify as strictly necessary and whether consent is required.
However, the situation is more complex if your website uses third-party cookies.
“If you use or allow cookies to track visitors from any external sites, or use third-party advertisements, both of which are likely to store personal information about visitors for marketing purposes, you will need to provide visitors with a clear method of opting out,” Mackintosh stresses.
This can be achieved in several ways, the most obvious being a pop-up window. “But pop-ups are intrusive and web users typically don’t like them,” Mackintosh points out.
An alternative is to set up a permanent element on a home page. “For instance, you could build a box on the right-hand side that slides up and down, displaying the site’s cookie status.”
For websites that sell products or those that require users to register first, the most straightforward way to secure consent for web cookies is to direct customers to a terms-and-conditions page.
To comply with best practice, you should also set out a privacy policy on your site that explains what web cookies are and how your business uses them. “It’s worth making sure that users can link directly to this from anywhere on your site,” advises Mackintosh.
Lastly, what about the expense? Put simply, the fee to update a website will depend on the site itself and how web cookies are used.
“If it’s a simple site, it’s a very easy job to turn off cookies. But if you’ve got a complicated ecommerce site, you will need to decide how you will solve the problem and find a viable alternative long term,” he warns.
Whichever route you choose, the use of web cookies needs to be clearly displayed on your website. “Don’t make things obscure because this could lead to complaints, or worse, you could be prosecuted,” Mackintosh concludes.