EU Cookie Directive

Like it or not, the deadline for complying with the EU cookie directive is drawing very close. No matter how nonsensical this law seems, the sad reality is that it’s the law – and website owners have no choice but to comply. With the deadline for compliance on 26th May 2012, the aim of this post is to give you all the facts you need to know, including practical suggestions for ensuring that your site is in line with the new regulations.

What is the EU cookie directive?

For those not already aware, the supposed aim of this legislation is to increase online security and data privacy, giving users more control over what data can be held about them. It addresses concerns with how personal information is held and used. Some users – albeit a small minority – are concerned with what they see as the development of a ‘Big Brother’ society in which their every move is being recorded.

The legislation forces websites to be transparent about how they are using cookies, detailing exactly what information each cookie holds and how long it will be held, and requires them actively to request permission from their users before certain cookies can be used.

Previously, the law dictated that websites had to explain how they were using cookies and how users can ‘opt out’. Most sites did so in their Privacy Policies, but this isn’t enough under the new law: users now have to ‘opt in’, having been made fully aware of the implications of doing so.

Who needs to comply with it?

The law applies to all Member States of the European Union. However, even websites outside the EU are required to comply with the law if they are targeting Member States. For example, a site based in the USA that sells products to consumers in the UK, or that has a French-language version of its site aimed at users in France, will still have to comply.

Why do I need to comply with it?

Put simply, because it’s the law! Many have speculated that the law will be hard to enforce, but the penalties for non-compliance could be severe. The maximum monetary penalty for non-compliance is £500,000, which could apply in situations where deliberate contravention of the legislation leads to substantial damage or distress. There are of course less severe penalties for more minor contraventions, including an information notice, an undertaking (which commits the organisation to specific actions to ensure compliance) and an enforcement notice.

When do I need to comply with it?

The law actually came into force last year, on 25 May 2011. However, it was recognised that webmasters need time to bring their websites in line with the law, and a grace period of one year was granted. This means that by 26 May 2012, all websites will have no choice but to comply with the law.

How do I comply with it?

To comply with the new cookie legislation, it will be necessary to make changes to your website to make information about your use of cookies transparent and prominent, and to allow users to give consent to the use of certain cookies.

Inspire can implement the necessary changes by performing a cookie audit, adding the details of cookies used on your site to your privacy policy, and implementing a prominent graphic that will link to it. In certain circumstances where targeting or advertising cookies are used on your website, it will be necessary to implement an opt-in consent facility. Please call us on 01622 844281 to discuss further.

Full information can be found in the ICO’s “Guidance on the rules on use of cookies” document.