Tuesday 31 May 2011

Cookies Law and how it affects you

Taken from a Waterstons press release:
----

Cookies Law and how it affects you


The laws governing privacy and the use of cookies are changing. So what's changing and how do you ensure your website is compliant with the changes?


In 2003, the Privacy and Electronic Communications Regulations required that websites using cookies for storing information informed people of how the website uses cookies and advised them how to 'opt out' if they objected to the uses defined. The most common method to satisfy these requirements was to add detailed information to a site’s Privacy Policy and give people information on how to disable cookies within their browser.


From 26th May 2011 the Privacy and Electronic Communications Regulations will require websites that use cookies to ask users to ‘opt in’ to allow the storage of cookies on their PC, mobile device, tablet etc. This is instead of simply providing information in a website’s Privacy Policy about the use of cookies and how to disable them in common browsers.


What actions you can take


The Information Commissioner’s Office has advised that website owners should make a list of all cookies and similar technologies being used on your website and how they are used. For each one, determine how intrusive that method is, i.e. does the information track people’s habits on your site, and is the information used by third parties?


You will then need to decide which method of obtaining consent will give people the best experience on your site and fulfil your requirements. Methods include pop-up windows or requiring users to accept Terms and Conditions before they use your website.


Exceptions to the rule


This rule applies to all cookies in use on a website unless the cookie is "strictly necessary" for a service requested by a user, for example, a cookie used to maintain the contents of a Shopping Basket; however, the details of these cookies and their use should still be detailed in a website’s privacy policy. An example of cookies which would not qualify under these criteria would be those created if your website uses an analytics service.


The main message within these changes is to be transparent about how your website functions. The challenge is gaining consent from all those who visit your site, be they registered members of your services or general visitors. As website owners you will not want to alienate people from using your website and services, but instead empower them to make the correct decisions.


More Information


For more information, please refer to the Information Commissioner’s Office guide.





For a bit of commentary on the situation, I'd highly recommend taking a look at Andrew Westgarth's "Cookies Law: Ah the Irony!"