If you work in the digital industry, have a website, or have just used the internet recently you may already be aware of imminent changes to the laws regarding online privacy. The impending legislation is set to govern how cookies are used, or as positioned by some critics, is set to deliver a damaging blow to the online experience to which we’ve all become accustomed.
The legislation in question is an amendment to the EU’s ‘Privacy and Electronic Communications Directive’ (2003). While this amendment officially came into force in Europe in May 2011, the UK was given a year’s reprieve and UK websites are not required to comply until 26th May 2012. It seems as though this delay way granted in order to give UK companies time to adapt and find practical solutions to these changes.
So what does it mean? In short, cookies are still allowed, but any website wishing to use them (or similar technologies) is required by law to receive ‘informed consent’ from a user in order to do so. The regulations cover all cookies (e.g. session and persistent cookies), from when a user opens the browser window to when they exit the browser, and consent is required for every kind of cookie, on an individual basis.
So how can you ensure that you comply with these regulations? The answer is simple; either stop using non-essential cookies or ask for consent.
How you go about getting consent for the cookies you use is another matter. The Information Commissioner (who will be enforcing the legislation) has provided full guidelines on the whole process including a series of examples of how consent could be requested, with a number of alternative techniques suiting different situations.