If your website currently stores cookies and you do not ask each and every visitor for permission to do so, you are breaking the law.
This isn't a scaremongering tactic to get you to redesign your website with us, but it is a fact which could have serious implications for your business in the future.
Update #2: At the 11th hour the ICO changed its guidance to allow for 'implied consent'. This means that whilst businesses must make clear what cookies are and how they are being used, the user need not click a button to accept. One of the best examples of this is on the BBC website. The first time you visit the site, you see a banner informing you about cookies and what's being set. On subsequent visits, cookies are automatically set unless the visitor decides otherwise.
Update #1: Dave Evans of The Information Commissioner's Office (ICO) has said in an interview that the ICO would only investigate cases where complaints are made. We're still waiting on the 'big boys' of the web to see how they'll react when the grace period of the new law expires on 26th May 2012.
You may not know what a cookie is. Unfortunately, in this case, it's not a delicious baked treat.
A cookie is a small text file, generated by your web browser, that stores information about the websites you visit.
They can be used for lots of reasons, but the most common are to remember login details, user preferences (like text size for accessibility) and items in a shopping cart. They also track a user's progress through your website for the purposes of analytics and enable social media tools, such as Facebook's 'like' button or Twitter's 'tweet' button.
They are very useful, but they can store data about an individual's viewing habits. This has raised concerns about an individual's right to privacy and about monitoring saved data so it is not used illicitly.
In October 2009 the EU amended an existing Directive on electronic privacy to include the requirement that all websites ask their visitors for consent to use cookies.
Once a Directive has been issued, EU member states will be required to create national laws to enforce it.
This Directive concerns all websites linked to businesses based in the EU, so you can't get around it by simply moving your web hosting to the USA.
To comply with the Directive, the UK Government introduced a law in May 2011 which allows companies until May 2012 to adhere to it. Unfortunately, most people don't seem to even be aware of it.
Out of the 27 EU member states only three (Denmark, Estonia and the UK) have any laws in place. Another three (France, Slovenia and Luxembourg) have some non-legally binding measures in place. The other 21 member states have not done anything yet.
The chances are your website uses cookies, so you're caught up in this whether you like it or not. As you're based in the UK, you are subject to UK law even if the majority of the EU has done nothing to implement the Directive.
The potential maximum penalty for disobeying this law is a £500,000 fine and prosecution!
There are a number of solutions, all of which will seriously degrade the user experience of your website.
You could stop using cookies for analytics, but this would mean you have very little information on which to base improvements. Basically, you're left flying blind.
You could include a pop-up asking users to accept cookies, but this can intrude on the user's experience of your site, and most modern web browsers have the ability to block pop-ups.
Finally, you could include a strip along the top of the site asking users to accept cookies, but ironically you would have to store a cookie to record their response, even if they said no. If they say yes then it's not a problem and the message can disappear, but if they don't want to accept cookies from your site you would have to leave the message at the top of every single page for the duration of their visit.
This is the solution the Information Commissioner's Office (ICO), the regulator who enforces this law, has opted for.
At the moment, the best strategy is to do nothing and not panic. This issue affects so many websites and the law is so woolly that it's close to impossible to enforce.
However, forewarned is forearmed. If you're aware of the situation, it won't come as such a shock and you'll be able to do something about it quickly if the ICO start to come down heavily on those who don't observe the new rules.
Got questions? Want to make your site compliant? Call us on 02380 238 001 or use our contact form.