How do I comply with the EU cookie law?

As of the 26th May 2012 the EU cookie law requires a website to gain permission from its users before planting cookies on their local machine.

A cookie is a piece of information that a website stores on the hard disk of your computer in order to remember certain details about you at a later time, such as when you click the “Remember Me” box on login pages. Cookies often record individual preferences for a given site, making future browsing of that site easier for you, but they can also be used to help advertisers show you banner advertisements specific to your online habits.

The EU cookie law is a piece of privacy legislation that was originally adopted by all EU countries, and the UK was given one year to comply with the directive after updating its Privacy and Electronic Communications Regulations, which brought the EU directive into UK law.

Designed to protect the online privacy of customers, the law means that your website needs to make each individual visitor aware that your site uses cookies, and give them the choice of whether or not to use the service or, if available, to choose how much information is collected.

Every EU member has their own approach to the law, but the basic requirement remains the same regardless.

The Information Commissioner's Office (ICO) is responsible for upholding the legislation, ensuring that organisations are complying with the cookie law.

After the 26th May, if a business is neither compliant nor seen to be actively working towards compliance, it will run the risk of enforcement action, with possible fines of up to £500,000.

Quick and simple action

Some larger-scale organisations have implemented some ingenious solutions to ensure that they get the permission of each user to send cookies to their machines, including the introduction of “Privacy Sliders” that easily allow a user to adjust the level of information that a cookie collects about their usage.

However, many small businesses lack the budget to introduce fancy methods such as this.

As a simple solution, the guidance issued by the ICO suggests that online businesses could display prompts on a user’s screen asking for consent to use cookies, which it says would be an easy option for achieving immediate compliance. Alternatively, it suggests, the user could be asked to sign up to the terms and conditions of a site, where the use of cookies is explained and then accepted or declined, thereby avoiding pop-up messages that many users see as tedious.

The ICO has admitted that organisations will need some time to comply with the new EU cookie law, but still insists that they should be able to demonstrate they have a plan in place to reach compliance as quickly as possible.
