Skip to main content

Taking the biscuit

6th Jun 2012

UK privacy legislation, imposed on 26th May 2012 and driven by an EU directive (the EU’s Privacy and Electronics Communication Directive), demands that websites now ask permission before they set most cookies.

The new law targets websites using visitor tracking code and advertising – any website where the use of cookies is not deemed strictly necessary. Pretty much all UK on-line businesses are affected by this legislation and those businesses that remain non-compliant could be subject to fines of up to £500k.

The directive was initially established by the EU to protect the privacy of the millions of us who browse the Internet. Well-intentioned as it was when first proposed, alarm bells rang sufficiently loud enough in the immediate aftermath to cause a delay of a year before the law was put into practice. (It should have started from 26th May 2011). Fact is that most privacy issues surround identity and cookies that track and are used for advertising purposes aren’t interested in our identity. Who we are doesn’t really figure, it’s what we like to do. These cookies are there, in the main, to track behavior. It’s a ‘throwing the baby out with the bath water’ scenario times ten. Thanks a bunch, guys.

So the time is now upon us and we have three choices. We comply and ask permission of the visitor before setting the cookies, we remove the cookies or we simply ignore the new law. After all, the majority of websites are non-compliant and, realistically, they’ll have to make a few scapegoats before they get around to truly enforcing it and issuing fines to all. And is that ever going to happen?

Removing the cookies is really not an option. Most cookies serve a multiple purpose and to start tinkering will involve major work to maintain a serviceable standard or will restrict the website’s functionality. The real primary aim has to be to achieve compliance with the minimum fuss and expense invoking no major development costs and, most of all, doing it in a way that will have the least adverse effect on your business.

Recent commentators have speculated that to explicitly ask users to tick a box accepting all cookies could well reduce the number of users accepting tracking by up to 90 per cent. Pop up boxes at best detract from the content and, at worst, give visitors the opportunity to make a decision you don’t really want them to make.

Another discussed solution is to invite users to accept your terms and conditions which would cover the use of cookies or to ask users if they wish to change settings so that they have to opt in to the more difficult process of changing settings rather than getting quick access to the information that they want.

The law requires ‘informed consent’ for the use of cookies and maybe the word ‘informed’ holds the key. We need to make major efforts to educate the users so they don’t opt out on the use of cookies. In the long-term, browser technology will most definitely be sufficiently developed to offer a solution. In the short-term, take a pragmatic view and make sure you have a cookie policy a click away or positioned within the terms and conditions.

Be frank. In your policy, explain that you are using cookies and you’d like all your visitors to allow you to continue to do so as it lets you customize what products you offer and gives customers a tailored service. Lose the smoke and mirrors and spell out what is a win-win situation. Yes these cookies help the web-based business but they are there to serve its customers too.