An EU law was passed in May 2011 stating that websites must gain consent before leaving non-essential cookies on visitor computers. The deadline to comply with the law is 26th May 2012.
This law applies to both individuals and businesses based in the EU regardless of the nationality of their website’s visitors or the location of their web host. It is not enough to simply update your website’s terms and conditions or privacy policy.
You can find some really clear information about the law and what it means here at Silktide. I really recommend that you give it a read! You can also read the advice leaflet published by the Information Commissioner’s Office (updated 25th May 2012). If you need to know more about what cookies are and how they work, have a look at Ecademy’s recent post.
Am I affected?
Over 90% of websites are affected by this law. If you have Facebook like buttons, Analytics, Advertising, Log in, User Preferences or Discussion areas, you probably are affected.
So how do I go about making my website compliant with the new EU law?
1: You must audit your site’s cookies and give clear information about them on your privacy policy.
If you don’t have a privacy policy on your site, you should add one. It must include details of the information you collect, and what it is used for. Have a look at ICO’s privacy notice if you need an example. There are lots of browser plugins available that can help you with this, or if your site is using WordPress, you can install the oik and cookies shortcode plugins to create your list. Either add this to your Privacy Policy, or create a new easily accessible page for it.
2: You must include a mechanism for gaining consent before any cookies are stored.
There are a few exceptions to this for “strictly necessary cookies, for example for shopping carts, but those exceptions are few and far between.
There are many free cookie consent plugins available. Cookie Control from Civic UK (which also has an easy to install WordPress plugin) and Cookie Consent from Silktide both look good and they have a lot of useful information on their website.
3: You must make technical changes to cookie-storing scripts so that they test for consent before a cookie is store.
You can find more information about that here and here. However, depending on the software you are using, complying with this may be easier said than done!
There are many differing views about whether or not the new laws are worthwhile or reasonable. But the unfortunate fact is that they are here, so legally speaking should be acted upon.
If you are an IndigoBird customer, and you have questions about how this new law affects you, please get in touch for an informal chat or a quote for making your site cookie compliant.
