Afraid of the Cookie Monster?

Tagged: EU Cookie Law, Web

Some helpful information on the EU Cookie Law

This weekend the EU Cookie Law - or EU Directive 2009/136/EC, or E-Privacy Directive comes into effect. There is a PDF available which you can read here

Warning this document should not be read while operating heavy machinery as it may cause drowsiness. If you are not an insomniac in need of sleep then just browse Article 5(3) - bottom right corner of page 20.

Note however these are only the AMENDMENTS made to the following directives: Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks and services (Universal Service Directive)

Universal_Service_Directive.pdf

 

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

Data_Privacy_Directive.pdf

 

Still awake? So what does this mean for your website? In a nutshell it means you have to get permission from all of your visitors before you can set any cookies on their computer, tablet or other mobile device. Well not every cookie. You can still use cookies that are absolutely necessary for the basic functioning of your Website.

For example session cookies for tracking shopping baskets and user logins are OK - permission is assumed because they are trying to use the site and/or service. However things like website analytics and 3rd party advertising DO require permission from the user. Is this bad? Yes it is. The ICO (Information Commissioner's Office) website implemented their own recommendations - and promptly lost visibility of 90% of their statistics because user's did not give consent for the cookies to be set and could not be tracked.

The ICO website with a nice banner at the top asking for permission to set cookies on your machine is here: http://www.ico.gov.uk Their cookie information seems to be mostly here, with a handy brochure like guide here

Now who is effected by all this? Anybody with headquarters or offices in the EU - It does not matter where your website is running from it's where the visitors are coming from. There are figures currently being banded about saying things like "face fines of up to £500,000 ... cost British economy £10bn ... 95% of businesses not compliant..." Is there any good news? Well yes. Unlike some companies that have something to gain from all this we are not spreading doom and gloom just to get our client's money!

Our CMS - Bobbin - is compliant with the new directive. Although 3rd party content which has been added may not be compliant - Google Analytics, Twitter/Facebook/et al. widgets, embedded Youtube videos, the list goes on... It's going to be an interesting time getting visitors to "accept cookies" when most of them probably have not heard of them, know what they are or what they do ... quick quizz: You do know the difference between session and persistent cookies don't you? 1st and 3rd party cookies? How about Flash cookies and HTML5 Web Storage which also fall under this directive?

We are keeping a close eye on this as it is currently changing daily, so stay tuned.

...So what does this mean for your website? In a nutshell it means you have to get permission from all of your visitors before you can set any cookies on their computer, tablet or other mobile device...