EU Cookie Law and it’s implications for website owners
On May 26th 2011 a new EU originated law came into effect that requires website owners to make significant changes to their sites and may fundamentally change the whole web browsing and shopping experience for everybody. This Cookie Law is amended privacy legislation that requires websites to obtain informed consent from visitors before they can store or retrieve any information on a computer or any other web connected device.
Cookies are used by almost all websites, for a variety of purposes:
- Analysis of visitor behaviour (known as ‘analytics’)
- To track people across websites and deliver targeted advertising
- To personalise pages and remember visitor preferences.
- To manage shopping carts in online stores
Website owners were given 12 months to comply and that period ends 26 May 2012.
– Is my website affected?
If your website uses first party cookies i.e those necessary for it’s functioning e.g. for managing shopping cart content then your website is not affected but may be affected for another reason, please read on.
If your website is using third party cookies i.e. those provided by another website for purposes not directly related to the functoning of your website e.g. for analytics, targetted advertising etc then you are affected.
– What does the EC privacy directive (EU Cookie Law) require?
– My site uses 3rd party cookies for tracking visitors for stats puposes, am I affected?
This is where it all gets a bit vague. Our current understanding is that the directive refers to tracking users across sites and so the use of first party cookies for a websites owners own statistical use would not be affected.
However, some stats systems use their cookies for more than just providing website owners with visitor stats, they also aggregate these stats for the benefit of 3rd parties so are presumably not allowed.
Google states that it’s Analytics uses first party cookies only so is not affected.
– My site includes Facebook, Twitter, Youtube video, Google Maps etc, am I affected?
All these 3rd party services are known to set and retrieve cookies for purposes of tracking movements across sites for either purposes of gathering data for sale to 3rd parties or to serve personalised advertisements. Of course a website owner could argue that embedding a YouTube video is integral to their website’s operation but perhaps could not argue the same for a Facebook like button.
– What the law means for website owners
There are a few steps to go through in order to achieve compliance with the law:
- You must include a mechanism for obtaining consent before any cookies are stored (with one or two exceptions for things like load balancers and shopping carts that are deemed “strictly necessary”)
- You must make any technical changes to cookie-storing scripts in order to test for consent before a cookie is stored.
In practical terms it means you need to avoid using cookies or deploying third party software that uses them except where it is essential for the purpose making your website work. This is because as soon as explicit consent is required, users may refuse that consent.
– How can we help?
The above information is provided as a courtesy to businesses whose domains we host. It is our interpretation of this new EU directive and we do not accept any liability for the accuracy of this informaton. As a website owner you are responsible for understanding how the directive affects you and to take the necessary steps to comply with the directive.