EU Cookie Law Means Changes for Websites

On May 26th 2012 the new EU “cookie law” will come into effect in the UK. This law will require businesses to significantly change how their websites function as well as bringing about changes to the online shopping experiences of internet users throughout Europe.

The new law applies to all organisations that operate a website in the EU, this includes organisations that aren’t based in the EU but offer services to EU web users – the law will be enforced by the Information Commissioner’s Office (ICO) in the UK.

What is a cookie?

A cookie is a small file that a website puts on a visitors computer so that it can remember something, for example the user’s preferences, at a later time. The majority of businesses and organisations in the UK currently use cookies for a wide variety of reasons – from analysing consumer browsing habits to remembering a user’s payment details when buying products online.

What should you do to become compliant…

  1. Remove any cookies that aren’t necessary for what your goals are on your website or that you no longer need.
  2. Provide information about the cookies you’re left with. List them by name on your privacy policy page or on their own page on your website and tell people what each one is used for.
  3. Determine the best way to get “informed consent” from users. Have a look at the ICO guidance for examples of how to best achieve this but in general a message displayed on your site before any cookies are saved to the visitors computer is the best method.

What will this mean for your website…

As long as you’re open about what you’re using cookies for, you obtain permission from your visitors before you store cookies on their computers (using a solution such as Cookie Control), and ensure that you only use third party features that use cookies if essential to the running of your website then everything should be fine.

You should also keep in mind that as web browser software catches up with the compliance law your visitors will likely have much greater control of how cookies are used by individual websites so it might not be very long before your ability to save cookies to your visitors computers is taken completely out of your control.