On the 26th May 2012, the EU Cookie Law will start to be actively enforced. Despite being made law in May 2011, the UK Government will not actively enforce or police sites until after the 26th.
What is the EU Cookie Law?
The EU Cookie Law primarily about getting consent from visitors to your site for placing cookie’s onto their computer. Cookies are small files that websites will use to store information about their users. Their use ranges far and wide; however, you will typically find that many login or shopping cart systems will have features that depend on cookies.
Cookies can also be used for other purposes, which can include tracking users. A typical application of this might to be monitor what pages a user visits so you can serve targeted adverts unique to that particular user, based on their history.
Many users will be unaware that cookies are responsible for this – and this is what the law is for; to inform and more specifically, gain consent from the user to set cookies on their computer.
Who is the law aimed at?
The law is aimed at anybody who owns or operates a website. If you’re running a website within the EU; then regardless of whether or not is personal or business related, the law applies to you.
Does my website set cookies?
You need to find out if your website sets cookies. In most cases, it’s very likely that your website sets at least a few. Therefore, you need to find out what cookies are being set and what they’re responsible for.
There are plenty of cookie detection tools out there which you can use. A quick browse around your site with these tools will give you a list of every cookie that is set. These lists are often complicated though, and if you’re not a web developer it can be a nightmare trying to figure out exactly what each one does.
Types of Cookies
There are many different types of cookies that are responsible for a wide range of uses. But what type of cookies do you need consent from your visitors to set?
- Cookies that affect the fundamental functionality of a website do not require consent.
For example, this could include the cookies set throughout the checkout process of your eCommerce this. In this scenario, you do not need to ask for consent to set these cookies.
- Cookies not critical to site functionality will require consent.
This would include, for example, a cookie which is set once a user logs in so that next time they access the site they don’t need to enter their username and password. This is a common feature, but one where you would require consent as it is not critical.
As you can see, not only do you need identify which cookies are being used by your site; but also exactly what they’re used for.
What types of cookies are exempted?
We’ve mentioned that cookies which affect fundamental functionality of the site are exempted from needing consent. But, what is really considered fundamental functionality?
Unfortunately, the law as it stands is full of grey areas on this particular issue. When the law was first announced, it was speculated that cookies set by tracking programs (for example, Google Analytics) would require consent as technically, these aren’t critical to a site’s operation.
However, the Government Digital Service takes the view that these cookies are in fact essential to a website’s operation and are therefore exempt. If we’re following their example (which no doubt, many sites will do) then we don’t need to get consent for cookies set by your analytics software.
As you can imagine, there will be a lots of areas where someone can justify all types of cookies as being critical. It will likely be some time before we have the full picture of the type of cookies which are exempt and those that are not.
It will be important to review your cookie use and compliance with the law on a regular basis to determine if your site is still adhering to the law.
Will this affect how my site is used by visitors?
Website owners are rightly worried that forcing users to consent to cookies as soon as they enter their site will affect conversion rates, sales and usage. This is close to the reality of this law and therefore it will be a big issue for sites that set and use lots of cookies; how do you get consent without diminishing the user experience?
No body knows the answer to this yet. Understandably, many sites do not want to start putting roadblocks up unnecessarily and once again we’re back to a ‘wait and see’ approach that many businesses are taking.
One example that is live now though is the BT site. Clicking the cookie settings link at the bottom right opens a panel for you to choose your level of consent. This is suitable for a company like BT, but is not for a small business site.
What do I need to do now?
The first thing you need to do is to determine what cookies are being set by your website. From this list, you’ll then need to find out which cookies are essential and which are not.
For many small businesses with typical websites (including small eCommerce sites) you won’t be setting a lot of cookies outside of the checkout, your analytics and possibly login pages.
As you’d expect, there will be a lot of businesses that are playing a ‘wait and see’ approach with this law. But, ensuring these two pages are in place won’t cost much and will go a long way towards compliance for smaller businesses.
Get your site audited today
If you would like an expert opinion on the cookies being set by your site, please contact us on 0800 081 1688. We can provide you with a full list of cookies and their use, so you can determine the best course of action for your site.