Call it what you like, the ICO e-privacy law, the cookie directive, or to give it its proper name, Directive
2002/58/EC, but on the 26th
information on users’ devices changed.
What does that mean for you? It means
ensuring you’re compliant with the new law and avoiding a potential fine
of up to £500,000.
You have my
attention, but what’s a cookie?
In technology terms, a cookie is file which gets downloaded
on to a device when a user accesses your site. Cookies allow a website to
recognise a user’s device and store information, which can be used to analyse
customer behaviours, this can be anything from log-in details and browsing
history, to shopping cart contents.
So what’s changed and
why does this apply to me?
In a nutshell, it used to be enough just to state somewhere on your website how you used
cookies, and the steps customers could take to remove or stop them. Under the
new regulations, you now have to actively seek out permission from the user to
store cookies on their device, be it mobile or desktop.
The majority of cookies are simply used to ‘remember’
information about customers, but businesses must now take steps to audit their
cookie usage to understand and categorise them according to their level of
OK then, so where do
The best way of doing this is to ensure you have an expert, who has the tools and techniques to:
- Identify and analyse what
type of cookies you are using, your current policies for obtaining consent
from your customers and how you are using them
- Grade your cookies as
essential, non-essential and non-intrusive, non-essential and intrusive,
- Produce a cookie usage
audit report – this will outline what each cookie is for, how intrusive it
is, whether it is first or third party, how to get more information on it,
and what to do about it
- Produce a cookie usage
statement to add in to website’s privacy section – this will outline what
each cookie is for and how to get more information on it
- Give general advice on how
to ensure your website is compliant with the ICO directive as defined at
the time of the audit
So I’ve done my
audit. What now?
Well, first of all, don’t panic. The government recognises
that with this kind of change in the law, a ‘phased’ approach must be taken
before it can be enforced.
If for any reason a complaint about cookie usage was
levelled against your business, you will be able to demonstrate with the
results of your audit, that you have understood the change in the law, and are
taking steps to ensure you become compliant with it.
The Government is giving leeway of a year to implement changes
to websites, but it’s vital for any business to begin the auditing process
immediately to satisfy the initial requirements of the new law.