The E-Privacy Directive, which was first introduced in 2011 but in the UK, the Information Commissioner's Office (ICO) agreed to delay its enforcement until May 2012, now requires website owners to gain a user's consent before their website stores a cookie on that user's computer.
So what is a cookie?
A cookie is a small text file stored on your computer by your browser (Internet Explorer, Firefox etc). Your browser creates and stores this file when instructed to do so by a website. This happens behind-the-scenes, so you don't particularly realise that it happened.
Are cookies bad?
No, absolutely not!
Despite getting a bad press at times, cookies should not be grouped with "viruses", "trojans", "malware" and other scary-sounding IT nasties.
A website typically creates a cookie when there is a genuine and reasonable need to do so and this is most often to:
- record a user's preferences
- or acknowledge that a user has logged in to the website
- or preserve some information until the user's next visit
For example, when you enter your postcode on the BBC's home page, your choice is recorded in a cookie so that the next time you visit the site, you get information (such as weather and TV listings) relevant to your location.
When you add a product to an online shopping basket, the details might be stored in a cookie so that as you move around the website, the website remembers the contents of your shopping basket.
Some cookies - commonly known as "tracking cookies" - are used to keep a record of a user's browsing habits and it's the use of these cookies and their "big brother" connotations that have caused the recent consternation.
The easiest way to answer this question is to ask your website designer, who should be able to explain how your site was built and whether cookies are involved. If you prefer, get in contact with us and we'll happily check your site for you.
What does the new law require me to do?
Given that cookies are often used to improve a user's browsing experience, you might wonder why consent is an issue.
How do I get consent from my website visitors?
At this stage, there doesn't appear to be a definitive answer!
However, if you interpret the legal requirements literally, the only way a user can demonstrate consent is by "opting in" and so a tickbox displayed prominently on the screen, which a user can tick to show that they're happy to receive cookies, seems like the clearest approach.
It's clear that not all websites are as transparent as this though, with many taking an alternative approach ranging from:
- doing nothing, presumably on the assumption that they won't end up in trouble anyway!
Terms & Conditions
Notify at the time of use
And if I don't...?
Website owners who fail to take the necessary measures to comply with the Directive could face a fine of anything up to £500,000!
Please note: ultimately, this is a legal matter and Rubiqa is not providing legal advice. You may wish to take separate advice from a recognised legal professional.