Do you have a UK-based website business? Does your website include a shopping cart, user login facilities, user preference settings (such as text size) or even advertising? Do you track your users for web analytics? If you answered yes to any of those questions, then here’s one more question for you…
Have you made the legally necessary changes to your website to comply with the new UK ‘cookie law’ which launched on Saturday 26th May?
If you haven’t, or more likely, you’re not completely sure, then don’t worry – you’re in good company. Despite the fact that the new law has been in development for over a year, most UK websites are still not compliant. But don’t take this mass non-compliance as a sign that it’s okay not to sort your own website out. It is a legal necessity, and whether you look at it from the point of view of the risks involved in breaking the law, or simply the customer-conscious image you present to your visitors, it’s important to know what you can and can’t do, and how.
So Here’s A Quick Guide To The New UK Cookie Law
First of all, I don’t want to assume anything. I think that’s been part of the problem with the new cookie law. Today there are many UK business owners who genuinely don’t know what a cookie is. Having a vague idea is almost as bad, because a vague idea sounds horribly geeky. If your idea of a cookie is a round, crumbly thing which often contains chocolate chips and goes well with a mug of coffee, or you think a cookie is some mysterious temporary file secretly created by magical internet fairies and deposited in a hidden portion of your visitors’ computers which gives you control over their browsing experience, then relax. It’s a lot easier to understand than that.
A cookie is a small text file, such as you might create using Notepad, and this file is stored in a folder labelled ‘Cookies’ on your visitor’s computer. This small text file saves a few simple bits of information, such as any options they have chosen about how large the text should be on the page, or what items they have looked at recently from your catalogue. They’re not dangerous, they’re not associated with viruses, and they can be terribly useful.
So What’s All The Fuss About?
The problem is that whilst cookies were originally just used to save a few basic preferences which the visitor selected, today they’re used to save more and more information about visitors: their computer, browser, screen resolution, geographic location and so on, giving webmasters more and more control over the personalisation of the browsing experience. This is why the time has come to give all of us who browse websites the chance to opt out of having this data collected and saved without our consent.
Look at it this way. If you popped into your local supermarket and someone at the door measured your height and weight, then followed you round the store making a note of which items you looked at and chose, and then offered you special personalised deals as soon as you reached the till, would you be happy about that? No doubt some people would be, but others would object. With cookies as they have been used to date, you wouldn’t have any option, and wouldn’t even realise that you were being measured, analysed and stalked.
Now of course one of the biggest problems has been the fact that there isn’t one kind of cookie. There are those fairly meek and mild ones which simply record user preferences, such as the fact that they require the font to be displayed in a larger size, essential ones which record which items the visitor has in their shopping basket, and then those non-essential ones which webmasters like to use which track and monitor user behaviour, where they’ve come from, search patterns, click patterns, advert interaction behaviour and so on.
Originally the UK cookie law stated that in all of these cases the visitor must be informed immediately as to which type of cookie, or data, was going to be collected, giving them the choice to opt out if they preferred. This is pretty clear, although most UK websites have still not implemented it.
But the already rather confusing picture given to business owners was further muddied because just two days before the official launch of the new law it was updated. What was this update?
The Information Commissioner’s Office (responsible for the Data Protection Act) decided to apparently go against the E.U. Directive and suggest that rather than explicit consent being actively sought, it would be acceptable to allow ‘implied consent’. In other words, if you continued to use a website after the 26th May you would by that very act be deemed to have consented to your data being collected.
If there was ever a way the government could make a confusing and mismatched picture as clear as mud in a fog buried twelve feet underground and covered in a lead blanket, this was the way to do it.
So What Exactly Should You Be Doing Now, And What Are The Risks Of Not Complying?
The truth is that in theory at least the ICO can enforce a £500,000 fine on companies which are not compliant. In practice though they are highly unlikely to start taking any legal action against sites, especially since around 40% of the government’s own sites are non-compliant.
It is for this reason alone that at this stage I strongly recommend implementing some form of user engagement which involves informing visitors that you plan to, or need to, collect data about them and store this in text files, and giving them the choice as to whether you do this or not. Giving your visitors no information and no option will now be more likely to portray your business as one which may have something to hide, or cares little for customer concerns, never mind the law.
For a good example visit BT.com, where you are presented with a sliding scale which allows you to choose whether to permit essential cookies, functional cookies or tracking cookies – see the screenshot below for an example of this in action.
You can also find out more about the new cookie law on the Pearne & Co website.