Why is everyone suddenly freaking out about cookies?
In response to the EU Cookie Directive, the UK has updated the Privacy and Electronic Communications Regulation. The UK Cookie Legislation came into force on May the 25th 2011. The UK Cookie Legislation is a direct copy of the EU Cookie Directive, but as a result of confusion around how to become cookie compliant the UK delayed the enforcement of the law until May 26th of 2012 (instead of EU’s May 26th of 2011.)
So, as of tomorrow, your website may or may not be in compliance with this cookie directive.
We here at Fat Beehive have issued the following guidance to help our clients become compliant with the directive. By implementing at least the first two of the three options below you can demonstrate that you are moving towards compliance.
1. Amend your privacy policy
The first step towards compliance is to demonstrate that your organisation has understood the requirements of the regulations and that you are willing to be transparent about the use of cookies on your site.
The following statement offers a general explanation of what cookies are and how your site might implement them. It does not exhaustively list the cookies that may be in use on your site and does not provide a mechanism for preventing the use of cookies other than by directing a user to documentation explaining how they can change their browser preferences to manage cookies.
“When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
You can manage these small files yourself and learn more about them through “Internet browser cookies – what they are and how to manage them”
2. Identify cookies in use on your site
As an extension of step one you can go on to list the cookies that are specifically used on your web site. We have listed common modules or plugins that use cookies below. Though this post references our own CMS modules, similar functionality in your CMS product will likely use cookies as well. If your site uses any of these you should mention them in your privacy policy.
Google Analytics
Used by a majority of web sites, Google Analytics uses at least four first-party cookies to anonymously collect information about traffic to your web site. If you’re our client, your site definitely uses Google Analytics cookies. For further details on the cookies set by Google Analytics, please refer to the Google website.
Social media plugins
If your site uses a Facebook plugin (such as a Like button) or a similar plugin from any third-party social media service it is likely that each of these plugins will store their own third-party cookies. If you use any of these plugins, or a service such as ShareThis or AddThis, you should name each provider in your privacy policy.
Embedded content
If you site embeds content from an external web site such as YouTube or Google Maps it is likely that each of these web sites will store their own third-party cookies. If you embed content from an external web site you should name each content provider in your privacy policy.
Beekeeper modules
If your site uses the Beekeeper content management system and you use a forum, polls, or have password protected areas, these modules may store cookies for essential functionality such as maintaining the user’s login state during their session. These cookies are classified as the lowest priority in terms of compliance because they provide core functionality and may or may not be mentioned in your privacy policy.
3. Implement user consent
Fat Beehive have a solution ready for organisations that wish to explicitly ask their visitors for consent before storing any cookies. While this can be seen as following the regulation to completeness, it is also the most intrusive in terms of user experience. Most importantly, it will adversely affect your Analytics reporting data. This kind of consent device can already be seen on a number of web sites in various formats, none of which appear to have been entirely successful to date.
To implement this device on your web site Fat Beehive need to audit your site’s use of cookies and modify parts of the site to ensure that they can be disabled if a visitor chooses not to accept cookies. The cost for making these changes is dependent on what cookies your site uses (see above types for examples).
So what should I do?
Using the guidance above you can implement changes to your privacy policy immediately and free of charge. If you would like to find out more information about implementing a user consent device or would like Fat Beehive to quote for auditing your web site’s use of cookies please get in touch.
Please note: We are not lawyers and this should not be considered legal advice. The information here is based on our understanding of the EU Cookie Law and you should always seek professional legal advice to ensure compliance.