TT176: How the EU Cookie Directive affects your website
What is a cookie, in the context of the internet? A cookie is a small file stored by your web browser that records details of your use of a particular website.
It can record all sorts of information such as your login details, personalisation options, purchase history, or browsing habits (how you arrived at the site, how long you stayed and so on).
What are the new laws?
There are certain exceptions for cookies vital to the operation of the website. The Information Commissioner’s Office (ICO) says “The guidance explains that cookies used for online shopping baskets and ones that help keep user data safe are likely to be exempt from complying with the rules.” However, the majority of cookies do not fall under the exceptions.
How should you obtain consent?
You must give the visitors a clear notice that you are using cookies, and what they are used for. Unless the user then gives their consent, cookies must not be used.
Will companies really be chased for using analytical tools?
Almost all websites collect visitor statistics and it would be an enormous task for the government to find and prosecute all such websites. The UK government has indicated that it would be less focused on analytics cookies than cookies collecting more intrusive data. However, unless consent is appropriately obtained and requisite information given, the use of any cookies is strictly speaking not legal.
Aiming for compliance
The ICO website has full guidance on cookies and personal data (and an example of a consent request banner).
One resource to help you find out whether your website is compliant is this “Cookie Audit Tool” for the Chrome browser.
The ICO’s latest “Guidance on the new cookies regulations” [PDF] contains useful details on your first steps to compliance:
- Check what type of cookies and similar technologies you use and how you use them.
- Where you need consent, decide which consent mechanism will work best in your circumstances.
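The two steps above (audit what you set, then gate the non-exempt cookies behind consent) can be put into working code. The following is an added example, not code from the article or from the ICO; the cookie names, the “essential” / “non-essential” categories assigned to them, and the in-memory cookie store are assumptions for illustration.

```javascript
// Added example: a small consent gate for first-party cookies.
// Cookies listed as "essential" (the kind the ICO says is likely exempt,
// e.g. a shopping basket or a token that keeps user data safe) may always
// be set; everything else is refused until the visitor has consented.
// Cookie names and categories below are assumptions for illustration.
const COOKIE_CATEGORIES = {
  basket: "essential",       // shopping basket: likely exempt
  csrf_token: "essential",   // keeps user data safe: likely exempt
  _ga: "non-essential",      // analytics: needs consent
  theme: "non-essential",    // personalisation: needs consent
};

// In-memory store so the example runs outside a browser; a real page would
// wrap document.cookie behind the same set/get/names interface.
function memoryStore() {
  const jar = new Map();
  return {
    set: (name, value) => jar.set(name, value),
    get: (name) => jar.get(name),
    names: () => [...jar.keys()],
  };
}

function createConsentGate(store) {
  let consented = false;
  const refused = []; // non-essential cookies blocked before consent

  function categoryOf(name) {
    // Unknown cookies are treated as non-essential (the safer default).
    return COOKIE_CATEGORIES[name] || "non-essential";
  }

  function setCookie(name, value) {
    if (categoryOf(name) !== "essential" && !consented) {
      refused.push(name); // keep a record for the audit report
      return false;       // refused: no consent yet
    }
    store.set(name, value);
    return true;
  }

  function grantConsent() { consented = true; }

  // Audit (ICO first step): what is currently set, and in which category.
  function audit() {
    return store.names().map((name) => ({ name, category: categoryOf(name) }));
  }

  return { setCookie, grantConsent, audit, refused: () => refused.slice() };
}
```

Calling `audit()` before and after `grantConsent()` shows which cookies were set only because consent was given, which is the evidence you would want if the ICO served an information notice.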
Should your website be investigated for non-compliance, there are various measures that the ICO can take:
- Information notice: the organisation must provide specified information within a certain time period.
- Undertaking: requires an organisation to take a particular course of action in order to improve its compliance.
- Enforcement notice: compels an organisation to take specified actions in order to comply with the regulations. Failure to comply can be a criminal offence.
- Monetary penalty notice: in serious contraventions where no action has been taken to comply with the regulations, the ICO can impose a fine up to a maximum of £500,000.
Talk to Barnes Roffe today