Does your organisation plant cookie’s?
Thursday, 26th May 2011
From 26 May 2011, the law concerning the use of cookies and similar technologies for storing information on a user's computer equipment changed. A cookie, also known as a web cookie, browser cookie, and HTTP cookie, is a piece of text stored on a user's computer by their web browser. A cookie is used for a number of reasons including authentication (to save you having to login over and over again to the same website), storing site preferences, shopping basket contents or anything else that can be done through storing text data.
If your website uses cookie’s and puts them on to a user’s machine or you read a cookie without obtaining consent you will now be at risk of breaking the law. Previously if you wanted to use cookies for storing information, on your website you had to tell visitors to your website how you used those cookies and their options for opting out if they did not want them to be used.
Now, the new law means that you can only place cookies on a device where the user or subscriber has given their express consent. The user must be provided with comprehensive information about the storage of and access to that information and must have given his or her consent for this. The only exception is where the cookie is strictly necessary for a service requested by the user, for example, to operate an online shopping basket.
It has been made clear by the Information Commissioner’s Office (ICO) that organisations with a website must be able to prove they are active in complying with this new law. They have given organisations and businesses that run websites aimed at UK consumers 12 months to comply. The ICO published guidelines in early May identifying three steps you should look to be taking, these guidelines can be read in full in their online document which can be accessed using this link.http://www.ico.gov.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf
Step 1 – perform an audit on the type of cookies and similar technology used and how they are used on your website.
Step 2 – assess how intrusive the use of cookies is.
Step 3 – decide on the best solution for obtaining consent for your organisation to use.
The ICO has also set out guidance on options that are available to obtain a user’s consent. These are a guide only and technical advice should be sought to see what capabilities will work best for you. The options for consent include pop-ups and similar techniques, terms and conditions, settings-led consent, feature-led consent, functional issues and third party cookies.
Once you have considered how your website uses cookies, the options for how you can gain consent from user’s to continue to use cookies and therefore be compliant with the new law, make sure you are proactive in implementation. The ICO has clearly stated that if it receives a complaint about a website it will deal with it differently for an organisation who has followed the three steps mentioned above compared to an organisation that has done nothing to comply.
We are here to help
Call 0800 027 5999 or ask a quick question here:
