Is Your Business Ready For EU’s New Cookie Law?

EU Cookies

Back in May last year, the EU’s Privacy and Communications Directive came into force. Commonly known as the EU cookie law, the government decided to phase its implementation after realising that most websites were unprepared for it and even experts seemed unsure of its implications.

That decision meant that the Information Commisioner’s Office (ICO) wouldn’t start enforcing the law until 26 May 2012. With that date fast approaching, some websites are now scrambling to comply. Others are doing less, or nothing at all.

So, what is the cookie law, and do you need to worry about it?

Interpreting the EU cookie law

Cookies are small files which websites store on visitors’ computers. They allow a website to identify a particular user. Cookies are a key part of website technology which underpin lots of different functions. For instance, cookies are usually used to:

  • Remember what items you’ve added to an online shopping basket
  • Keep you logged in to a website
  • Track visitor numbers and movements (through tools like Google Analytics)
  • Display targeted adverts to visitors

The EU cookie law has the potential to transform how people think about cookies, and – as a result – how websites use them. The law aims to make people more aware of what cookies are and how they’re used, by requiring websites to gain permission before storing any cookies on users’ computers.

This means that – by the letter of the law – you need to ask every website visitor if they’re ok with your website placing cookies on their computer. And it’s only if they say ‘yes’ that you’re allowed to do so.

The only exception to this is cookies that are ‘necessary’. But the definition of ‘necessary’ only covers cookies that are required to provide functions requested by visitors. That means you won’t need to get permission for your shopping basket cookies, but you will need to get permission for your Google Analytics cookies.

Finding a way through the confusion

The EU cookie law is pretty confusing. Although its aims of increasing transparency and giving consumers more choice seem laudable, it has the potential to have a huge impact on websites. In short, to comply with the law you’re going to have to display a message asking people to consent to your website using cookies. And only if visitors give that consent will you actually be able to use them.

In an industry increasingly dependent on targeted advertising and measurable results (both which require cookies), there have been some harsh critics of the rules. TechCrunch called it a ‘stupid’ law that could ‘kill our startups stone dead’. A company called Silktide put together a snarky video that still manages to do a good job of explaining the law.

Just about the only example of a website that’s implemented a cookie consent message so far is the ICO’s own site. Rather worryingly, it saw its recorded visitor numbers drop 90% once it added the opt-in message – suggesting that most people were ignoring the request.

What you need to do today

With only a couple of months remaining until the ICO begins prosecuting websites under the new law, there’s still plenty of confusion around its implications. However, the prospect of receiving a £500,000 fine for not complying should be enough to spark most businesses into looking into the issues.

And, at this stage, that’s what canny websites are doing. It seems unlikely the ICO will prosecute companies that are making a real effort to understand their obligations. So, it’s a good idea to investigate what cookies your website currently uses (most websites will be affected by the law – and even if you think yours doesn’t use cookies, you might be surprised!), then plan how you might implement an opt-in.

As the dust from this new law settles and more websites start to implement an opt-in message, you can then decide how to move forward.

Of course, it goes without saying that you should seek legal advice on this issue. Strictly speaking, the cookie rules are already law, and any website not in compliance could be prosecuted after 26 May this year.

The new rules aren’t going anywhere. So don’t bury your head in the sand.

Resources to help you prepare for the cookie law

  • The Cookie Collective claims to offer a ready-to-go tool that will bring your website into compliance with the law
  • Smart Insights have examined the issues in detail and taken a look at some options for website owners
  • The ICO has released its own guidance (PDF file) for website owners.

Jonathan Edwards is MD and founder of Integral IT, a preferred IT support partner to many UK businesses. Jonathan has been working in the IT support industry since 1996 and is a Microsoft Certified Professional. He is actively involved with all aspects of client relationships and ensures Integral's IT support is of the highest quality possible.