On May 26th a new EU law came in to effect that potentially affects all web sites in the EU and as over 92% of sites use cookies please read on………..
Part of the EU’s Privacy and Electronic Communications Directive, the law affects any website which uses ‘non essential’ cookies (such as visitor tracking or tracking responses to advertising) and stems from concerns that previous rules were considered inadequate to protect user privacy.
A cookie is a technology that remembers information between webpages. Because of cookies, your web browser can remember you are logged in, or have visited a site before, or what your personal preferences are.
For example, your favourite shopping website could set a cookie to track which websites you’re visiting to find out your hobbies and interests. They can then use this to customise what products they recommend to you in future. You can look at this two ways; as an advantage because you receive better and more customised service, or as a disadvantage because it invades your privacy. The idea of the new law is to ensure that users will have a clearer idea about what information is being collected about them.
However, many web sites use cookies as an essential part of their operation, especially where you have been required to log in and such ‘essential’ use is not covered by the new legislation which covers all cookies that are not “strictly necessary for a service requested by a user”.
OK, so what’s the problem?
- Well firstly most EU states have failed to take the requisite actions to implement the directive (they missed the deadline).
- Cookies are very widely used for a variety of purposes and few organisations (even professional web developers) actually understand the law or which uses of cookies are banned and which are not!
- The law covers not only cookies but similar ‘alternate’ technologies (so there is no easy way round it) and confusion is rife as apart from the implications for individual web sites it would seem to strike critically at the processes used by organisations such as Google Analytics (to give site owners reports on traffic to their sites) and social media plug-ins like Facebook ‘Like’ buttons would also appear to be outlawed by the new rules.
Unfortunately there is little guidance as how to comply with the law but you can be fined up to a massive £500,000 for seriously breaching it!
Given the furore when the deadline became public, ICO (the organisation responsible for implementing the law) gave UK web site owners a reprieve until May 2012 to comply as long they can show that they are ‘working towards that deadline’.
Official guidelines suggest web site owners should:
- Check what type of cookies your site uses and how they are used.
- Assess how intrusive your use of cookies is.
- Decide if your use requires user consent and how this is best obtained.
It would seem likely that as the year progresses matters will become clearer and it will be interesting to see how organisations such as Google and Facebook respond.
At Oyster we generally only use ‘essential’ cookies and this would seem to continue to be permissible. We also encourage clients who require site traffic stats to use web log analysis as a more accurate measure of site traffic than Google Analytics. Web log analysis is still permissible and we will watch carefully the debate over Google Analytics.
If you are already a web client of Oysters you can be assured that we will monitor the ongoing debate and advise you on what steps need to be taken before the May 2012 deadline.
For general readers of this newsletter who do not yet have an Oyster web site, we are happy to discuss the issues further and provide advice on request. Simply click here to contact us.