Monthly Archives: May 2012

That cookie law.

At the end of this month, May 2012, an awful lot of website owners (including bloggers) are about to find themselves breaking the law. It’s not even a new law – it was passed last year, but with a year’s grace so we could all prepare. Instead most people haven’t even heard of it, let alone done anything to comply.

It’s this: the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (UK Regulations), which provide that certain information must be given to a site’s visitors and that they must give informed consent to the placing of cookies.

Right about now it’s entirely possible that some of you are wondering what a website has to do with biscuits. A cookie in this case is a small text file, downloaded via the browser and stored on your computer, which the site can read back on later visits. It’s the sort of thing that allows Amazon to suggest products based on what you’ve viewed before, that means Google can personalize your search results, and that lets shopping carts actually function.

So what does the law mean, and how do you comply? You might think that if you aren’t selling anything you aren’t setting cookies. But if you’re using Google Analytics, social buttons or anything of that sort, the odds are you are. The first thing to do is run an audit – there are a number of ways to do this. In Firefox you can install the Web Developer extension, then right-click in a page and look for Web Developer > Cookies. When you’ve worked out what they all are, decide which of those cookies you want to keep – get rid of the rest of them, your website will probably thank you. (Further instructions coming on how to make all this make sense as I work through it myself.)

You also need to write up a privacy policy that explains what cookies you are using and what for – cookies that are essential for your website to function are exempted, but it’s probably worth putting them in your policy anyway. Here’s one I’m working on for my main blog: liveotherwise privacy policy.

Then you need to decide what disclosure method you prefer. You can go for a popup on the first page that also prevents cookies from being set until the user agrees. Or you can disclose in a header or footer message – the jury has not yet been convened as to which of these methods will be deemed sufficient, but we’re going with popups. (No, you won’t see it on here today, I haven’t finished working on it. It’s on liveotherwise though.)
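The popup approach only works if nothing that sets non-essential cookies runs before the visitor agrees. A sketch of that gate, as an added example rather than code from this blog; `createConsentGate`, the `cookie_consent` cookie name and the two store objects are hypothetical names chosen for illustration:

```javascript
// Added example: hold back anything that sets non-essential cookies until consent.
function createConsentGate(store, cookieName = "cookie_consent") {
  const pending = []; // loaders for analytics, social buttons etc., queued until "accept"
  const read = () => {
    const hit = store.get().split("; ").find((p) => p.startsWith(cookieName + "="));
    return hit ? hit.slice(cookieName.length + 1) : null;
  };
  const remember = (answer) =>
    store.set(`${cookieName}=${answer}; Max-Age=31536000; Path=/; SameSite=Lax`);
  const gate = {
    hasConsent: () => read() === "yes",
    needsPrompt: () => read() === null, // no answer recorded yet: show the popup
    // Wrap every script that sets non-essential cookies in a loader and register it here.
    whenAllowed(loader) {
      if (gate.hasConsent()) loader();
      else pending.push(loader);
    },
    // Wire to the popup's "accept" button: record the answer, then run what was held back.
    accept() {
      remember("yes");
      while (pending.length) pending.shift()();
    },
    // Wire to "decline": record the answer so the popup stays away, and run nothing.
    decline() {
      remember("no");
      pending.length = 0;
    },
  };
  return gate;
}

// In the browser the store is a thin wrapper around document.cookie.
const browserStore = {
  get: () => document.cookie,
  set: (c) => { document.cookie = c; },
};

// In-memory store with the same shape, for trying the gate outside a browser (constructed).
function memoryStore() {
  const jar = new Map();
  return {
    get: () => [...jar].map(([k, v]) => `${k}=${v}`).join("; "),
    set: (c) => { const [k, v] = c.split(";")[0].split("="); jar.set(k, v); },
  };
}
```

On a real page you would call `createConsentGate(browserStore)` once, show the popup when `needsPrompt()` is true, and move each analytics or social-button snippet inside a `whenAllowed(...)` loader instead of leaving it inline in the template.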

Don’t think that just because you’re a little website you’ll get away with it. The ICO doesn’t have a lot of money to prosecute people – my best guess is that they will go after the small fry first, not the big companies who can just throw lawyers at the problem. Get your house in order, and if you can’t do it yourself, call on your local geek – I recommend this chap at colneis technology. ;)