The Cookie Monster Law

May 7, 2012 | Legal

So, what are cookies?

A cookie is a small text file that is downloaded to a user’s device (computer, mobile phone…) when visiting a website. Although most anti-virus software will flag up cookies during a scan, cookies are generally not harmful, but allow websites to store user information. For example, a cookie could store a user’s website password so it does not have to be re-entered next time.

EU Cookie Law

The law was designed to increase the privacy protection for website visitors. Website owners are now obliged to ensure that a user “is provided with clear and comprehensive information about the purpose of the storage of, or access to, that information; and has given his or her consent.” Although the law came into force in the UK almost a year ago, the Information Commissioner’s Office (ICO) agreed not to take action on non-compliance until now: 26th May 2012.

How do you serve your cookies?

With fines up to £500,000, you simply cannot stick your head in the dough and must take action:

1) Audit your website and assess the type and level of intrusiveness of any cookies used: you can check your website for cookies here

2) Inform your website users about cookie usage: the whys and hows

3) Decide on the best way to obtain the consent of your website users.

Have your cookie and eat it?

With developments of internet browsers taking over user consent responsibilities still in the cooking stages, it is up to website owners to implement suitable solutions: whether through pop-ups asking for consent, splash screens (see ICO’s own site https://ico.org.uk/) or by making users agree to Terms & Conditions when signing up. All solutions seem far from perfect: not only do pop-ups spoil the surfing experience but, if asked whether to accept cookies, would anyone really say yes?

Cookie Diet or Cookies & Cream?

Website owners could just remove all cookies from their sites and go without tools like Google Analytics; or accept the low risk of being fined according to the ICO:

“Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action”.

That’s just the way the cookie crumbles…

Fortunately, the International Chamber of Commerce recently issued some guidelines for cookie lovers by categorizing cookies into four tasty varieties:

1) Strictly Necessary

These cookies must be “related to a service provided on the website that has been explicitly requested by the user”, e.g. items in shopping carts. No user consent needs to be acquired for them.

2) Performance Cookies

These include cookies for analytics & advertising if they store anonymous data and are not used for behavioural targeting of ads. Consent for these can be obtained by including information about any cookies used in the site’s Terms & Conditions – offering an opt-out rather than opt-in solution.

3) Functionality Cookies

Cookies remembering users’ selections, e.g. language settings, can be dealt with in the same manner as Performance Cookies.

4) Targeting & Advertising Cookies (the yucky ones…)

Cookies used for targeted advertising – you know the type: one search for “Brownies” is followed by various adverts for the next few days. For these cookies therefore, explicit consent must be obtained from all users.

All that reading about cookies making you nauseous?

Check out this simplified, funny video clip all about (and against) the Cookie Monster Law!

 

1 Comment

  1. John Bates

    Nice article. It’s crazy.

    So, as a developer, if I’ve asked a user of my site if they are happy for me to use cookies and they say “no”, where am I supposed to store that information – In a cookie of course. Otherwise, like something with the memory span of a goldfish, I have to keep asking the user.

    It’s a law I’d like to forget about.
