Tomorrow marks the cookie implementation deadline and from the end of today all UK websites that store cookies should have implemented some sort of policy, or they could be facing fines.
Over the last week major sites like the BBC, the Mirror, BT have started to obtain consent from visitors to store or retrieve any information on any device from computers through to smartphones and tablets.
The reason they're doing this is because of the Privacy and Electronic Communications Regulations law. The law was designed to protect online privacy by making consumers aware of how information about them is collected by websites, and enables them to choose whether or not they want it to happen.
It started as an EU directive adopted by all EU nations on 26 May 2011, and this directive was brought into UK law through the Privacy and Electronic Communications Regulations. Although the directive came into force in May 2011, the UK Information Commissioner Christopher Graham gave British organisations a year to conform.
A code of conduct introduced by the London office of the International Chamber of Commerce at the beginning of April implied website owners will need to differentiate between cookies that they need simply to make a website work, those that provide enhanced functionality, and those that exist simply to gather information for the site's own purposes.
Most UK companies are reportedly expected to miss today's deadline, and both Graham and Communications Minister Ed Vaizey have said that they are unlikely to punish firms severely while the new policies are phased in – fines could be as much as £10,000.
Good cookie, bad cookie
You will however have to comply with the law at some time in the future, so here's our quick guide to "bad" cookies and your website choices.
Third-party cookies are the cookies that pose the most compliance issues. For example, a cookie that is used in behavioural advertising, where they identify what you click on and tell advertising websites to display that type of product or service wherever you go afterwards. From 26 May, website owners must disclose or seek permission to use this type of cookie.
Next up is the "persistent cookie" that remains on a computer after the customer has moved on to another website. They're also one of the most useful cookies, as they're the cookies that flag that a person is a returning customer and enables your website to be personalised. They're also used extensively in web analytics, so you could potentially lose all that valuable tracking data.
You effectively have two cookie options
Previously, cookies were used on most websites on an opt-out basis, meaning many site visitors undertook their web sessions with no idea that cookies were being used. The new regulations mean that users now need to opt-in to a cookie session – making it far less likely that they will be accepted
An explicit opt-in/opt-out - If your site has third-party advertising, social media connectors, uses web analytics then your safest bet is to seek explicit opt-in from visitors via some kind of very visible opt in like those used by BT.
Implied consent via notice If your site doesn't feature advertising and uses cookies for functional purposes (accessibility, Facebook Like buttons and Google Analytics), then you may be fully compliant if you have a cookie notice displayed clearly on your website referencing details on your privacy page.
We'd like to hear what you think about the new cookie legislation. Are you waiting to see what others do? What approach are you taking? Leave a comment below and share your feelings.
