11 / 06 / 2012

May 26th 2012 - New Cookie Law

Cookie Law

The Information Commissioner's Office's (or ICO) site states that it is "The UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

On the 26th May 2012 ICO enforced a new Cookie Law.

What is a cookie?

A cookie is simply a 'text file' that lies on your computer. When you browse a site information can be saved to this file largely in order to make the site work more efficiently and to provide information to the site owners to help improve the site.

There are different types of cookies. A 'session' cookie, also known as a 'transient' cookie will be stored in temporary memory and is not retained after the browser is closed.

Another type is a 'persistent' cookie, also known as a 'permanent' cookie or 'stored' cookie. This cookie is stored on your computer and can remember information to be called upon viewing the site again.

What can a cookie do?

One example of information gathered by a cookie is Google Analytics. By collating this data, site owners have the opportunity to re-evaluate how the site works and improve it. For example if the Google Analytics showed that a large percentage of people using the site are searching for particular information that's nested a few pages into the site, it may be more suitable to have this information present on the homepage.

Another example is when browsing an e-commerce site if you add items to your basket the cookie will remember these items, allowing you to add multiple items to your basket.

What do you need to do to your site to comply with the cookie law?

In the '11th hour' of the law being passed it had a change that introduced 'implied consent'. This being added then, put the onus on the user rather than the website operator. However, the guidelines state that "you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent."

Further information on this can be found on the ICO site: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx

Before the law was passed, most browsers already allowed and still do allow full control of cookies, allowing you to restrict all cookies or specify exact cookies that wished to allow.

Details on how to control cookies via your browser can be found here: http://www.allaboutcookies.org/manage-cookies/

Now the law has been passed, how many people have implemented it?

"According to a recent KPMG study, 95% of companies have yet to comply with the legislation and any business implementing the law in its entirety risks going bust, some had warned." http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent

Is anyone against the law?

A website has been setup, explaining the reasons they believe the law is bad and action you can take if you agree. http://nocookielaw.com/

They have also put together a video documenting the law:

YouTube Video

Conclusion…

Although all this information can be somewhat confusing and seem vague it seems unlikely that heavy fines will come into effect for low profile websites. However, to be on the safe side it doesn't take long to add some extra details on cookies to your site.

Here's some examples of sites that have implemented it in the education sector, most of the sites below have opted to include the cookie information in their 'terms and conditions' or 'privacy policy'. Whilst Oxford have created a new page entitled 'cookies' to hold this information.

May 26th 2012 - New Cookie Law

Author

Category

Share