This new law is intended to increase the level of protection internet users have over their privacy and will be enforced over a period of one year.
What is a Cookie?
In internet speak, a cookie is not a delicious snack but a small file used to store user data in a browser. Cookies are small text files made up of letters and numbers that are downloaded onto internet users’ devices to track their website preferences and choices.
Example: The first time you visit a dual-language website you make a choice to view the website in English. The website downloads a cookie to your browser stating that English is your preferred language. The next time you visit the website it accesses the cookie it stored on your browser and automatically sets the language to English.
While this example enhances your experience, some cookies are required to make the website function properly. An e-commerce website, for instance, needs cookies to track which items you have added to your shopping basket.
The new law requires businesses and organisations operating websites in the UK to get consent from visitors to their websites before they store and retrieve information on users’ computers. It has been suggested that one way this could be achieved would be to put a welcome message on a website informing the user about cookies and allowing them to click to either accept or decline their proposed use.
The only exception to this rule is if the cookies in use are necessary for a service requested by the user. As previously mentioned, one example of this would be a cookie you use in an online store to ensure that, when a user has chosen products they want to buy and clicked ‘add to basket’ or ‘checkout’, your site remembers what they chose on the previous page. As this is necessary for the fundamental function of the website, you wouldn’t need to get explicit consent.
How to comply
The ICO has declared that it will give website owners one year to comply with the cookies law. So, by the end of May 2012 you need to be sure that your website isn’t contravening these rules.
Which cookies do you use?
The first step in attempting to comply with the law is to identify which cookies you use on your website.
- How many cookies are in use?
- What are they used for?
- How do they work?
- Do you even need them?
Many websites are a culmination of years of development and some of the cookies and functions may no longer be needed. This is a good opportunity to carry out a thorough audit of your website and identify areas for improvement.
Once you have identified which cookies you use, you need to think about the impact they have on the privacy of your users.
- Do they store personal information?
- Do they track user habits?
- Are they necessary for the website to function?
Once you have addressed these questions, you can think about how to obtain consent from your users, if any is needed. Options include:
- Pop-up message when a user first lands on your website. This would disappear after consent has been given/declined.
- Discreet message at the top of your webpage. Again this would disappear after consent has been given/declined.
- Permanent message in your website template e.g. a box next to your contact details.
Or any variation on the above.
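The consent rule and its exception described above, sketched as a server-side check (an added example, not code from Ballyhoo or the ICO). The cookie names, the registry categories and the `cookie_consent` cookie used to remember the visitor's choice are assumptions made for illustration.

```javascript
// Constructed audit registry: every cookie the site sets, with its purpose and
// whether it is necessary for a service the user requested (names are hypothetical).
const REGISTRY = new Map(Object.entries({
  basket:         { essential: true,  purpose: 'items added to the shopping basket' },
  cookie_consent: { essential: true,  purpose: 'remembers the accept/decline choice' },
  lang:           { essential: false, purpose: 'preferred language' },
  visit_stats:    { essential: false, purpose: 'tracks browsing habits' },
}));

// Parse a Cookie request header ("a=1; b=2") into a prototype-free object.
function parseCookieHeader(header) {
  const jar = Object.create(null);
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    const name = eq > 0 ? part.slice(0, eq).trim() : '';
    if (!name) continue;                       // skip empty or malformed pairs
    try { jar[name] = decodeURIComponent(part.slice(eq + 1).trim()); }
    catch { /* ignore values with broken percent-encoding */ }
  }
  return jar;
}

// 'accepted', 'declined', or 'undecided' when no valid choice is recorded yet.
function consentState(jar) {
  const v = jar.cookie_consent;
  return v === 'accepted' || v === 'declined' ? v : 'undecided';
}

// Decide which requested cookies may go out as Set-Cookie headers.
function filterSetCookies(requested, cookieHeader) {
  const state = consentState(parseCookieHeader(cookieHeader));
  const setCookie = [], blocked = [];
  for (const { name, value } of requested) {
    const entry = REGISTRY.get(name);
    // A cookie missing from the audit registry is treated as needing consent.
    const essential = entry ? entry.essential : false;
    if (essential || state === 'accepted') {
      setCookie.push(`${name}=${encodeURIComponent(value)}; Path=/; Secure; SameSite=Lax`);
    } else {
      blocked.push(name);
    }
  }
  // The banner is shown only until the visitor has accepted or declined.
  return { state, showBanner: state === 'undecided', setCookie, blocked };
}
```

The registry doubles as the written answer to the audit questions: one entry per cookie, stating what it is for and whether the site needs it to function.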
Ballyhoo will be more than happy to help you answer the questions in this article and, if required, help you comply with the new cookies law.
Full disclosure of the methods used to store user information in our core systems, Ballyhoo Commerce and Ballyhoo Refresh, is available on request.