A lot of UK website owners are likely to be affected by the UK Cookie Law which, although it became law back in May 2011, will only be enforced now – from May 26th 2012 to be exact. It’s divided opinion among website owners and users, that’s for sure – those in favour of the law seeing it as a good thing to protect “privacy”, and those who struggle with the idea of the law – who have websites which do not collect any personal information, and who feel they have to “jump through hoops” to make their websites compliant with the new law, just for starters. [To read a simple explanation of cookies, click here.]
To summarise simply: the Cookie Law requires that websites setting non-essential cookies get informed consent from their visitors to set cookies. This can be explicit (i.e. they have to click a button or something similar, and only then can you set cookies) or implicit (you have a visible warning that if they continue to use the site, cookies will be set. The implied consent comes from them continuing to use your website.)
What you cannot do is set non-essential cookies, and only then ask permission – this goes against the letter of the law. This is important as some of the free plugins that have popped as a result of this change in the law aren’t fully compliant in this respect – and as the website owner it is YOUR responsibility to check this, not the responsibility of the plugin supplier!
To summarise at a very high level: if you have a UK website, you need to do a cookie audit to see what (if any) cookies you set.
- If your website doesn’t set cookies, you’re in the clear and can continue as normal!
- If you have cookies set by your website, you need to do a full analysis of which are essential (e.g. cookies set by PayPal to facilitate purchases from your website) or non-essential (e.g. cookies set by YouTube when you embed a video on any part of your website).
You also need to differentiate between 1st-party cookies (set specifically by YOUR website, such as Google Analytics cookies) and 3rd-party cookies (set by 3rd party suppliers such as YouTube or Aweber).
- You then need to plan how to gain informed consent from your visitors, and what to do if they do or do not give you that consent.
Did you know?
- Aweber set non-essential cookies, to add subscribers to the correct list, but ALSO to monitor which of its web form images are used. Many other autoresponders set cookies too.
If you’d like a quote to make your website properly compliant (along with a statement of actions showing your site is compliant, to show the ICO should they contact you) then contact me – I’ve done a pre-release of this package to some clients, and will be doing a proper launch in the next couple of weeks.
If this has been useful, please share it using any of the buttons below
And get in touch via the comments box below, or drop me an email!
Wishing you success…