Monday 28th May 2012

Today is officially the first day for UK businesses to embrace the new legislation governing the use of cookies.

As of today, businesses that run websites will need to be able to show their compliance with the new law.

For non-compliance, the governing body responsible for the new law (the Information Commissioner’s Office) will have the ability to impose fines of up to £500,000, although receiving a fine at this stage is unlikely.

What is the new law?

The new law (Privacy and Electronic Communications Regulations 2011) states that websites must provide “clear and comprehensive” information about the use of cookies – small files which allow a site to recognise a visitor’s device.

The law requires that website operators must:

– Tell people that cookies are used;

– Explain what the cookies do;

– Obtain the visitor’s consent to store a cookie on their device.

Are there any exceptions?

If the cookies used on your website are regarded as ‘strictly necessary’ then you will not need to obtain the visitor’s consent. For example, exceptions are likely to be made if the cookie is only being used to ensure a page loads quickly or is used to track a user’s shopping basket contents.

For cookies that are used to track the user’s activity for marketing purposes and to improve conversion rates, consent will need to be obtained before the cookie is used.

Why has it changed?

The idea behind introducing this new law centres around the problem we have with how easily personal information can be accessed and exploited.  Cookies on websites can monitor a visitor’s online activity without them necessarily knowing and some cookies can remain on a visitor’s computer for over a year.  Although they are used primarily for improving the user’s experience on a website and capturing the user’s tastes and trends for new products and promotions, the new law is designed to put a limit on how easy it is to monitor the activities of each visitor to a website.

What is the solution?

The ICO will be looking for websites that can show they have taken reasonable steps towards complying with the law.  This can be covered by having a Privacy & Cookie Policy available to view on your website.

A good Privacy & Cookie Policy will cover the following points:

– Who is responsible for collecting the data;

– Who is responsible for ensuring the security of the data;

– What data is collected;

– Why the data is collected;

– Where the data is stored;

– What cookies are used, including the name;

– How long the cookies are used for;

– The reason why cookies are used;

– How to opt in and out of the use of cookies;

– Information on third party cookies.

Watertight Legal can provide a bespoke Privacy Policy for your business which covers all of the essentials in order to show compliance with the new law.

The BT homepage provides an excellent example of how to obtain your visitors’ consent to cookies and Orange Pixel can help you to implement a similar system.