You may have noticed a lot of news recently concerning how personal data is used by large internet publishers such as Google, Apple and Facebook, either for improving service or as a pervasive and targeted tool for advertising.

Recently, Digital Clarity sent a newsletter highlighting the changes to Google’s Privacy Policy. It seems that the internet giant’s desire to simplify and blend some 60 current privacy policies into one is (currently) falling foul of EU regulators.

There has been a huge amount of publicity about this, but buried deep in this news is a far more potent change that is already law and comes into effect within the EU (yes, which includes the UK) on 25 May 2012 – the EU cookie law.

As there has been no clear directive by the government on how best to adhere to this new law, it is important to understand the fundamentals of the policy, what the effects are for your site and what you must do to comply. To make this easier, we have broken this down into a simple Q&A:


What is the new EU cookie law?

To give it its official title, the Privacy and Electronic Communications (EC Directive) Regulations 2003 will be taking effect on 25 May 2012. Most sites use cookies to track visitors and information on the visitor. The main part of the new legislation will require website owners to gain consent from users before a cookie can be stored on their computer. The type of cookie being used and what the cookie is for must be made clear before the user gives consent.

This European directive is being driven in the UK by The Information Commissioner’s Office or ICO. On the ICO website it clearly states:

Cookies or similar tracking methods must not be used unless the subscriber or user of the relevant terminal equipment:

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

You can find out more from the ICO website.


What is a cookie?

A cookie is a piece of information in the form of a very small text file that is placed on a website user's hard drive. The information the cookie contains is set by the website and it can be used by that website whenever the user visits.

There are a variety of different cookies. Here are a few:

Session cookie – Also known as a transient cookie. It is stored on the user’s computer until they leave the website, at which point it is deleted.

Stored cookie – Where the cookie is downloaded onto the hard drive and used to identify a visitor whenever they return. The lifetime of this cookie varies from website to website but 30, 60 and 90 day cookies are common.

Flash cookie – If you view video or visit sites that use Adobe Flash, small files may be downloaded when you watch a video.


Why does a website need cookies?

The information stored in a cookie allows the website to identify you when you visit and present information accordingly. Below are some examples of cookie usage:

‘Remember me / Keep me logged in’ – If a website has functionality available only to signed-in users it can be frustrating for them to log in every time they visit. In this situation a cookie allows the user to return to the website and be taken to their account immediately. Example: Facebook – can you imagine filling in your details every time you visit?

Preferences – Some websites allow you to set preferences on the look and feel, content you want to see and functionality you don’t need. A cookie may be used to ensure your preferences are remembered when you return (please note this is less common these days, where preferences are stored in the database rather than on your computer).

Shopping baskets and recently viewed products – An e-commerce website such as Amazon tries to make the shopping experience as easy as possible by storing the contents of your shopping basket and the products you’ve recently viewed, without you needing to be signed in, so that as you browse the site you don’t lose everything you’ve done. These cookies are usually short-lived and may exist only while you’re on the website or for a few hours after you leave.

Analytics / website usage tracking – Many websites rely on analytical software to record how people arrived at the site, what they did while they were there and how and when they left. While this might sound a little ominous, the website owners are not able to identify individuals; there’s no way to know that Peter Simkins of West-Byfleet viewed the How to Look Good Naked DVD boxset, for example, only that an unidentified person did.

This information is used to improve a website and ensure the visitors are able to find what they need as quickly and easily as possible.

Third party advertising services – Some advertising platforms that display their adverts on websites in their network make use of cookies to track whether you’ve seen a certain advert and whether you clicked; however, like Analytics, you remain anonymous – the service does not have access to your individual information, only that someone on your computer saw or interacted with an advert.

In truth, it is this type of cookie usage that has driven the push for an EU cookie law as it’s unfortunately open to abuse.


What type of cookies run on your site?

Though this may seem to be an obvious question with an obvious answer, the truth is that many site owners and publishers do not know. If they do know, they know only the basics or make assumptions about which cookies are used.

The best way to determine the cookies your website creates for users is to carry out a full audit. Record cookies that are created, identify what they’re for and decide whether they’re critical to the functionality of your website. Be sure to include third party services that create cookies, such as Google AdSense, AdWords and Analytics – while you may not be responsible for creating these cookies, they are delivered via your website.
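One way to start the audit described above, as an added example that is not part of the original guide: it takes Set-Cookie headers recorded while browsing a site and lists each cookie as session or stored, with its lifetime and whether a third party set it. The site name, hosts, cookie values and function names are constructed for illustration.

```javascript
// Constructed sample data: Set-Cookie headers recorded while browsing a
// hypothetical site, each with the host that sent it.
const SITE = "shop.example";
const CAPTURED_AT = Date.parse("2012-05-25T12:00:00Z");
const captured = [
  { host: "shop.example", header: "basket=ab12; Path=/" },
  { host: "shop.example", header: "remember_me=7f3c; Max-Age=2592000; Path=/; HttpOnly" },
  { host: "stats.analytics.example",
    header: "visitor=9d1e; Expires=Tue, 24 Jul 2012 12:00:00 GMT; Domain=analytics.example" },
  { host: "ads.adnetwork.example", header: "seen_ad=1; Max-Age=7776000" },
];

// Split one Set-Cookie header into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const attrs = {};
  for (const attr of rest) {
    const i = attr.indexOf("=");
    attrs[(i < 0 ? attr : attr.slice(0, i)).toLowerCase()] = i < 0 ? true : attr.slice(i + 1);
  }
  return { name: pair.slice(0, pair.indexOf("=")), attrs };
}

// Lifetime in days; null means no expiry attribute, i.e. a session cookie.
// Max-Age wins over Expires when both are present.
function lifetimeDays(attrs, now) {
  if (attrs["max-age"] !== undefined) return Math.round(Number(attrs["max-age"]) / 86400);
  if (attrs.expires !== undefined) return Math.round((Date.parse(attrs.expires) - now) / 86400000);
  return null;
}

// One audit row per cookie. "First party" here is a plain suffix match on the
// audited site's hostname, a simplification that ignores the public suffix list.
function auditCookies(records, site, now) {
  return records.map(({ host, header }) => {
    const { name, attrs } = parseSetCookie(header);
    const raw = typeof attrs.domain === "string" ? attrs.domain : host;
    const domain = raw.replace(/^\./, "").toLowerCase();
    const days = lifetimeDays(attrs, now);
    return {
      name, domain, days,
      type: days === null ? "session" : "stored",
      party: domain === site || domain.endsWith("." + site) ? "first" : "third",
    };
  });
}

console.table(auditCookies(captured, SITE, CAPTURED_AT));
```

What each cookie is for, and whether it is critical to the site, still has to be recorded by hand against this list.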


For more information on the EU cookie law, read page two of this guide: How to comply with the law