Tag Archives: EU Cookies Law
Is this what the ICO is expecting we do?
I recently visited the Information Commissioner’s Office (ICO), Web site to read some relevant news and was interested to see how the Office has initiated handling the cookie directive. First upon visiting any webpage at www.ico.gov.uk you’ll see the below notice:
What’s interesting here is you can only opt to accept cookies from this site. There is no option to decline cookies. However, if you click on the privacy notice, you’ll get more details on how the ICO uses cookies.
Within the privacy notice, the ICO has also published a grid of cookies on the website and how each one is used. This is very clearly explained to the visitor.
Of particular interest, one cookie, the Content Management System Cookie has the following statement:
This is a problem many organisations are going to face. It is likely that many organisations know some of the cookies on their website, but it is also highly likely that many organisations are unaware of all the cookies on their website.
If this is how the ICO expects all organisations in the UK to handle the cookie directive then this clear grid will need to be easily produced, updated and maintained; perhaps a challenging feat for many. At a minimum, a cookie audit is the first step in meeting the directive requirements.
This week I’ve attended IAPP Europe Data Protection Congress in Paris. Many of the 300 attendees were from law firms seeking more information on how to handle privacy regulations and particularly the cookie directive. I’ve highlighted on this blog previously that it is very unclear what organisations need to do to adhere to the directive, but once again it’s important to reinforce that pleading ignorance is not an option. You’ll be on the hook for any cookies known or unknown on your website.
The ICO is expected to publish a report pre-Christmas to help UK organisations with compliance. However it is highly likely that following how www.ico.gov.uk is currently handling cookies, will be the way forward for UK organisations. So as a starting point, audit your website for cookies. For more info on how to do this, please get in touch via comments below or through our Twitter feed @HiSoftware_EU.
On the rumour mill I’ve also heard that the ICO has lost a lot of traffic to the website something that is of grave concern to many marketers. Sites like Google Analytics will need to find another way of monitoring traffic particularly if sites, similar to the ICO, include the below details:
This cookie directive means we face a sea change in how the web serves its users and consumers. Convincing people to opt-in is a major challenge along with all the back-end issues, but also the geographical rules. Where does the cookie directive start and end? If a US company has a website based in the States, that also serves the EMEA market, what jurisdiction will this fall under?
The questions are currently endless. At least we have a starting point – audit your cookies.
Research Shows Cookies will Hinder Online Marketing
Research from affiliate marketing company affilinet at ad:tech 2011 showed that the EU cookie directive will make online marketing less effective. Only one in ten believe marketers will be able to engage consumers successfully without the use of cookies, according to the research.
The EU Cookie Directive is amended privacy legislation that requires websites to obtain informed consent from visitors before they can store or retrieve any information on a computer or any other web connected device. Businesses have until the 25th May 2012 to ensure their websites are compliant with the law.
The affilinet findings showed that only 12% of those surveyed believe that businesses will be able to engage consumers as successfully without the use of cookies. This represents a reduction from the 23% that responded to the same question asked at the 2010 show.
New Cookie Law Hindrance [News & Opinion]
I bet your company is one of the many violating the new cookie privacy law. The Register reported last week that almost the entire EU is in violation. The main difficulty though is where to begin?
Benefits of Cookies
A cookie is a file placed from the web server to the user’s machine so it can remember something about you later or track where you go. It may remember an IP address, or what you added to a shopping cart or other information.
Cookies allow a web application to respond to you as an individual. By gathering and remembering information about your preferences, the web application can tailor its operation to your needs, likes and dislikes. A cookie will allow web developers to create better web applications, applications that are more personal, easier to use and richer in their degree of interactivity. While some sites do not make use of cookies, they are widely accepted as a way to improve the customer’s web experience.
So what is the law specifically?
In summary, the new Regulations will require UK businesses and other organisations to obtain consent on an opt‐in basis to store, retrieve and use information from users’ visits to their websites and/or how they respond to emails (otherwise known as ‘cookies’ or ‘gifs’). Under the old 2003 regulations users only had to be told that cookies or gifs were being used and given an opportunity to opt-out.
Where to Begin
I’d like to wager another bet, that you might be able to describe some of the cookies you use, but maybe not all? Many companies face issues with trying to identify exactly what cookies they are using. Without this knowledge actually setting up opt-in consent is impossible.
Businesses need to be able to identify pages setting http-cookies, third party http-cookies, expiration http-cookies, document.cookie and input use of cookies with on-click. They also need to be able to evaluate http headers to identify pages that are setting cookies. This is an essential checkpoint for identifying where to begin with the new privacy law.
Financial Penalties
The ICO informed us last week that they will not be enforcing the law for a year, however financial penalties will follow after the consultation period is over. A year seems like a long time now, but it will fly by. Avoid those penalties now by identifying what cookies you are using to put in place the proper opt-in consent.
Image Source: scubadive67
Subscribe to our RSS Feed 
Follow Us on Twitter 
Find us on LinkedIn 