The “new” UK Cookie Law

A lot of UK website owners are likely to be affected by the UK Cookie Law which, although it became law back in May 2011, will only be enforced now – from May 26th 2012, to be exact. It has certainly divided opinion among website owners and users. Those in favour see the law as a good way to protect “privacy”. Those who struggle with it include owners of websites that do not collect any personal information, who feel they have to “jump through hoops” to make their websites compliant with the new law, just for starters. [To read a simple explanation of cookies, click here.]

To summarise simply: the Cookie Law requires that websites setting non-essential cookies get informed consent from their visitors to set cookies. This can be explicit (i.e. they have to click a button or something similar, and only then can you set cookies) or implicit (you have a visible warning that if they continue to use the site, cookies will be set. The implied consent comes from them continuing to use your website.)

What you cannot do is set non-essential cookies first and only then ask permission – this goes against the letter of the law. This is important because some of the free plugins that have popped up as a result of this change in the law aren’t fully compliant in this respect – and as the website owner it is YOUR responsibility to check this, not the responsibility of the plugin supplier!

You also have to ensure that, if someone does NOT consent to having cookies set, (a) no cookies are set, and (b) you have a viable alternative plan – such as directing them to your privacy policy, which contains an explanation of how the site may not operate to their expectations if you can’t set cookies, and how it is in their interest to allow cookies to be set, but that they can always revoke that consent should they wish to do so.

To summarise at a very high level: if you have a UK website, you need to do a cookie audit to see what (if any) cookies you set.

  • If your website doesn’t set cookies, you’re in the clear and can continue as normal!
  • If you have cookies set by your website, you need to do a full analysis of which are essential (e.g. cookies set by PayPal to facilitate purchases from your website) or non-essential (e.g. cookies set by YouTube when you embed a video on any part of your website).
    You also need to differentiate between 1st-party cookies (set specifically by YOUR website, such as Google Analytics cookies) and 3rd-party cookies (set by 3rd party suppliers such as YouTube or Aweber).
  • You need to update your Privacy Policy (you DO have one, right?!) to explain what all these cookies are and what they do or track.
  • You then need to plan how to gain informed consent from your visitors, and what to do if they do or do not give you that consent.
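
To make the audit and the “no non-essential cookies before consent” rule concrete, here is an added example (not part of the original post, and not any plugin’s code) that checks a recorded visit for cookies set while consent was not in force, including after a visitor revokes it. The hosts, cookie names, the `ESSENTIAL` list and the event format are all constructed assumptions; the “consent” event stands for whichever explicit or implied mechanism your site uses.

```javascript
// Added example: every host and cookie name here is constructed.
const SITE_HOST = "www.example.co.uk"; // assumption: the site being audited
const ESSENTIAL = new Set(["cart_session"]); // assumption: outcome of your own audit

// Constructed timeline of one visit (t = ms since page load).
const SAMPLE_EVENTS = [
  { t: 120, type: "set-cookie", name: "cart_session", host: "www.example.co.uk" },
  { t: 180, type: "set-cookie", name: "analytics_id", host: "www.example.co.uk" },
  { t: 450, type: "set-cookie", name: "video_pref", host: "video.example.net" },
  { t: 3000, type: "consent", granted: true },
  { t: 3100, type: "set-cookie", name: "mailing_list", host: "forms.example.org" },
  { t: 9000, type: "consent", granted: false }, // visitor revokes consent
  { t: 9200, type: "set-cookie", name: "analytics_id", host: "www.example.co.uk" },
];

// Simplified 1st/3rd-party test: same host or a subdomain of the site's domain.
// A real audit would use the Public Suffix List to find the registrable domain.
function partyOf(host, siteHost) {
  const base = siteHost.replace(/^www\./, "");
  return host === base || host.endsWith("." + base) ? "1st-party" : "3rd-party";
}

// Walk the timeline in order, tracking the visitor's current consent state.
function auditVisit(events, siteHost, essential) {
  let consent = false; // no consent until the visitor gives it
  const findings = [];
  for (const ev of [...events].sort((a, b) => a.t - b.t)) {
    if (ev.type === "consent") { consent = ev.granted === true; continue; }
    if (ev.type !== "set-cookie") continue;
    const isEssential = essential.has(ev.name);
    findings.push({
      t: ev.t, name: ev.name, party: partyOf(ev.host, siteHost),
      essential: isEssential,
      compliant: isEssential || consent, // non-essential needs consent in force
    });
  }
  return findings;
}

// Cookies that were set without consent in force, as "name@t" strings.
function violations(findings) {
  return findings.filter((f) => !f.compliant).map((f) => `${f.name}@${f.t}`);
}

console.table(auditVisit(SAMPLE_EVENTS, SITE_HOST, ESSENTIAL));
```

Any entry returned by `violations()` is a cookie your site (or a plugin on it) set too early or after consent was withdrawn, which is exactly what to check before trusting a consent plugin.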

Did you know?

  • When you embed a YouTube video, make sure you select “Enable privacy-enhanced mode” so that non-essential cookies are ONLY set once a visitor to your website clicks “Play”. You will still have to cater for these cookies in your privacy policy, and I suggest thinking about a (small) disclaimer below each video, stating: “DISCLAIMER: We always use YouTube’s “Enhanced Privacy Mode”, which restricts YouTube’s ability to set cookies on web pages that contain a privacy-enhanced YouTube embedded video player. However, YouTube may still set cookies on the user’s computer once the visitor clicks PLAY on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.”
  • Aweber sets non-essential cookies, to add subscribers to the correct list, but ALSO to monitor which of its web form images are used. Many other autoresponders set cookies too.

Important!

I have already implemented a whizzy cookie plugin & new privacy policy on this site, but I am still working through all the old YouTube videos to make my website compliant. If you find a video that is still setting cookies, it will be on my “To Fix” list, but if you feel you’d like to let me know about it anyway, feel free to contact me by email :)

If you’d like a quote to make your website properly compliant (along with a statement of actions showing your site is compliant, to show the ICO should they contact you) then contact me – I’ve done a pre-release of this package to some clients, and will be doing a proper launch in the next couple of weeks.

If this has been useful, please share it using any of the buttons below :)

And get in touch via the comments box below, or drop me an email!

Wishing you success…

 

 

 

 


