May 20, 2011

Is the ‘Cookie Directive’ a monster?

A new law, which came into effect on 26 May, sees web users being asked for their consent to have their online activity tracked. The ‘Cookie Directive’, implemented by the European e-Privacy Directive, means that companies will effectively have to ask the user if they agree to having their movements recorded via cookies.

Cookies are widely used to help users navigate faster around the sites they regularly visit through the automatic downloading of a ‘cookie’ onto the users’ PC. This allows the site to know, for example, that the user is a returning user, which pages they favour, and even how long they spend on each page. This in turn allows the site to tailor content to appeal specifically to the users’ browsing and shopping habits.

The significant advantage of this is that the user’s interaction with frequently-visited sites is smoother, with no extra effort on their part. On the other hand, it takes away the right to anonymity, with businesses and the government storing information about users without them even being aware of it.

So how is this relevant to businesses? Well, we all need to consider how we get the user’s consent to monitor their activity on our sites. Previously we’ve relied on browser settings having the user’s agreement to set cookies; the introduction of this law means we can no longer assume this.

The Information Commissioners Office (ICO) tells us that “the government is working with the major browser manufacturers to establish which browser-level solutions will be available and when” and concedes that “time [will be needed] to comply with the new EU cookie law but insists [companies] should be able to demonstrate they have a plan to reach compliance”. So, until then, folks, you’re on your own!

There is good news though: since its launch last week the ICO has put in place a year deferment to ensure businesses who run websites aimed at UK consumers have enough time to get organised without the risk of prosecution.

Over the next year, we see a couple of situations playing out. First is that businesses can send prompts to the user’s screen asking for consent, which would appear every time the user visits the site. Alternatively we can ask the user to sign up to the T&Cs of the site, which explains the use of cookies and thereby avoids those tedious pop-up messages.

The ICO advises that, going forward, businesses need to decide which cookies are strictly necessary and how intrusive the use of those cookies is. We suggest you give us a call and we’ll help you through the process.