Cookie Law ...Officially Monstrous?

Ok, let’s bring you up to speed!

In May 2011, an EU Privacy Law came into effect that requires websites to ask visitors for their
consent to use cookies. A cookie is a small text file, stored in your browser, that enables it to
remember if you are logged in or, if you’ve visited a site before and what your preferences were.

There are different types of Cookies, for example Session Cookies expire when you close your
browser, a Persistent Cookie will expire after a specific date and a Third Party Cookie allows
tracking between websites that a user may not expect (these are typically used by Advertising
Networks). All major browsers provide security controls, which allow users to choose to block all
cookies, to only allow specific cookies, or to block third party cookies.

The new law is intended to protect people’s privacy. Over 92% of websites use Cookies at
the moment and they will need to start asking visitors for permission to do so or they will be
breaking EU Law. The location of your hosting is irrelevant if your organisation is based in the
EU.

There are exceptions to the law, for Cookies deemed “strictly necessary for a service
requested by a user”, such as login or keeping a shopping basket updated. But, tools such as
Google Analytics, commonly used by webmasters to track the behaviour of visitors (determining
how long people spend on a website, what search terms lead to conversions), will require
gaining the explicit consent of the visitor.

The law will only start to be enforced in the UK in May 2012 and will likely affect tens of
thousands of organisations, with fines of up to £500,000 for a serious breach of the law.

So why is this a right royal pain in the ass?

According to a recent poll undertaken by Econsultancy, publisher of digital marketing and e-
commerce best practice, 82% of digital marketers think the law is ‘bad’ for the web.

While this may be a genuine attempt to help issues of privacy, it hasn’t been thought through.
Instead of looking at which cookies are intrusive and which are helpful to the online experience,
they are banning all cookies without first getting the permission of the user.

It will impede user experience, creating barriers between the user and what they are trying
to gain from their visit to site, be that information or a purchase. It is also likely to make some
users nervous being asked for their consent, where they hadn’t been asked before. And with
all the debate and negative feeling about the new law it is likely to make them all the more
apprehensive and confused.

It could seriously have a negative impact on UK ecommerce, with visitor tracking and analysis
data affected, when we need to be focusing on increasing our competitiveness against
international alternatives. Furthermore, it will negatively impact all UK website owners with
the additional overheads and risk of fines against the international market, which does not have
these restrictions.

Browser compliance, rather than website compliance, would have clearly been a more viable
and far less resource exhaustive option. It would be simpler and far more efficient to roll this
out and manage from a users perspective. Especially since it’s the browser that manages local
storage of data.

So how do we tame the monster?

The first step is to carry out an audit of your website. Establish which cookies are used, their names, what they do, their potential intrusiveness and expiry dates. You should update
your privacy policy, with a clear section on cookies and maybe include the results of the audit. Also ensure that you have a separate link on every page to the cookie information.

Following the audit remove any unnecessary Cookies, review the expiry dates of the remaining
cookies and check if they are reasonable. Now update your website so that the user is asked
for consent at key interaction points, the best example being when a user logs in and ticks
the ‘remember me’ checkbox. If you do still require use of the most intrusive types of cookies,
then your best bet is to provide an alert to the user about cookies. Many websites routinely
use pop ups to make users aware of changes to the site or to ask for user feedback. Similar
techniques could, if designed well enough, be a useful way of obtaining consent.

If you’re feeling up to it, there is free javascript software available that you can install yourself, that will make your site compliant. Just two of many sites with more information and software ready to download are cookiesdirective.com and google.com

This may seem like a lot of work but, if you are to be compliant with the law and want to avoid
a hefty fine it’s a must that you undertake these steps and soon. If you’re not a techy we would
recommend that you have this work done by a professional, to ensure it’s totally compliant and
well crafted to reduce any chance of a negative user experience. This is a service we offer, so
please get in touch if you’re struggling.