This was the statement I first read months ago and thought, this should be quite simple to solve, if not fairly intrusive to the normal browsing experience. Since reading into the privacy law, however, it has become more and more vague about what is required for specific cookies.
What is a cookie?
I know some of you are thinking it is a biscuit with chocolate bits in, like the one favoured by my favourite sesame street character above, however, this is not the case when it comes to web terms. A cookie is a small piece of information created by a website and then stored on your computer. The next time you go to the same website, it can access that cookie and the data inside it.
Where are cookies used?
There are many features within websites which require cookies, and these are outlined below:
Analytics is a software package which can be used to track a users journey throughout your site, where they came from and what they do. The most common example of this would be Google Analytics.
Unfortunately the new law means that users have to opt-in before we can start tracking this data.
Nearly all web adverts are now tailored towards you based on the sites you have visited and the products you have looked at. All this information is stored in cookies which gets analysed to give you the most targeted advertising possible.
As with Analytics, users will now have to opt-in to allow this data to be stored.
This is when you sign up for an affiliated account with, for example, Amazon. A user goes to Amazon with a unique URL which tells Amazon to store a cookie on their computer with this information. If the user chooses to opt-out then you will not receive your percentage of sales which you are sending to Amazon.
Add to basket
When you add items to a shopping basket, a cookie is stored. This however falls under the “strictly necessary” section of the cookie law:
“This exception is a narrow one but might apply, for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.”
So this functionality is unaffected by the cookie law.
There are many other ways in which cookies are used, some of which will be affected by this new law.
How will this affect UK-based companies?
As of May 26th 2012, it will be a legal requirement for users to opt-in to third party cookies which are set on a UK based website. Although the fine can be up to £500,000 the actual risk of prosecution is extremely low. Tens of thousands of organisations websites will be affected, and if we look at the statistics for similar laws which have been enforced in the past we can see how unlikely prosecution will be:
Data Protection Act
Cases received: 33,234
Cases closed: 32,714
Enforcement notices: 15
Freedom of Information Act
Cases received: 3,734
Cases closed: 4,196
Regulatory and enforcement actions: 3
How will this affect EU-based companies?
At the moment the UK is the only country which has provided firm guidance on what is required. All other EU countries will probably begin to adopt the same laws in the future.
Whether many companies enforce this law for their own website is going to be a question we can ask for the early months after the law has been enforced. Where the likelihood of being prosecuted is quite low I don’t think we will see much change in the smaller organisations.
The ICO (who are enforcing the law) have obviously implemented a solution to their website,http://www.ico.gov.uk/, but frankly it is an ugly and clunky solution. If they are setting the trends to enforce this law I think they should be considering a more graceful solution, as they will find that not many people will want to have an ugly notification appear at the top of every page on their website.