Important this blog post was written pre-GDPR see update at the base of the page.
EU legislation passed in May 2011 means websites in the EU cannot place cookies on a visitor’s computer without permission. (26 May 2011 the EU’s Privacy and Communications Directive)
Since then we have also dealt with GDPR or General Data Protection Regulation and while it does not specifically cover cookies it does seem to have made people re-look at their treatment of cookies and take a stricter approach.
There is still a lot of speculation about what needs to be done but here is an overview.
At a basic level a cookie is a text file that stores information about your visit to a website. It can be as simple as a random number used to identify you when you log-in. At the other end of the scale, it can hold personal information about you, from input in forms or the pages you visit while exploring a website.
The new legislation is meant to protect privacy and personal information. Emphasis is being made when cookies are used to transmit information to third parties without permission.
Online businesses claim permission notices will effect the usability of websites and confuse website visitors. Loss of tracking and analytics will also have a major effect on online market research and competition when other companies outside the EU do not have these restrictions.
You may not realise that your website places cookies. The most common sources:
The most important step is to see how drastically this will effect you. Your site may have no cookies or you might find some you were not expecting.
Many website owners have not taken any action. The guidance has been vague, and not everyone has easy access to the technical advice that they need. For many losing precious analytics data needed to run their business is a harsh blow. It may even be a competitive disadvantage if your competitors ignore the new legislation or are outside the EU.
The reality is few visitors will accept cookies if asked permission. It may even deter some visitors from using your site.
For you to be fined a complaint about your website would need to be put to the Information Commission Office. You will be given a written warning. You will only be fined if you do not reply and do nothing to rectify the problem. Fines could be as much as £500,000
Any action or inaction should be taken with the full facts for your own website and business. You should always know what your website is placing on potential customer computers. At the very least do an audit now and start putting a plan into place.
Information Commission Office – the official source for information about the legislation.
YouTube video to explain the Cookie legislation – an easy way to explain what effect the ‘cookie law’ could have.
General Data Protection Regulation information on ICO Office website
Examples of Solutions
There are many companies offering you solutions. One free examples that look promising is:
If you need help auditing your site or complying with the legislation contact Leonie at Line and Form [email protected]
Since GDPR some major websites sites are updating so you can actually chose not to accept different types of cookies and still use the website.
The BBC is an interesting approach. You have the option to accept or change your settings.
Clicking on ‘Find out what’s changed’ brings you to a settings page.
While some sites still give you the choice to accept, or not use the site, the tide does seem to be turning.