The ‘Cookie Law’ came into effect May 2011 and website owners were given twelve months to take action towards compliance. Twelve months is up on 26 May 2012 and failure to comply could lead to a £500,000 fine. However, action will only be taken against you if a complaint is made and you are deemed not to be in the process of complying.
What is a Cookie?
a piece of data stored by a website within a browser, and then subsequently sent back to the same website by the browser
Cookies provide a way for websites to remember what a visitor has done whilst visiting that website. For example pages visited, buttons clicked, items added to a shopping basket and so on. This information can be stored on your computer for the duration of the visit or be kept recorded for a longer time. Information can also be stored on the web server which hosts the website – for example an online shop may store your address and details to make the checkout process easier in future.
Do Cookies Pose a Security Risk?
No. Cookies are text files and can’t be used to read information on your Hard Drive or to spread Viruses or Malware.
Terminology of Cookies
There are a variety of different cookies and names used; Session Cookie, Persistant Cookie, Secure Cookie, HTTPOnly Cookie, Third-Party Cookie, Super Cookie, Zombie Cookie.
Cookies that ‘belong’ to the website you are visiting and are set to the same domain that appears in your browser’s address bar can be referred to as First-Party cookies.
Third-Party cookies are set with a different domain to that which you see in your browser bar and as such send your visiting information to a third-party server. An example of a third-party cookie would be those set by advertisers who display their ads on a website you are visiting. It is how Google, for example, will serve you up very specific Ads that are likely to be of interest to you. So I might see Ads for Strawberry Jam because I have been doing lots of searches for it recently but you might see Ads for Holidays in Africa. Even though we are both visiting the same website we may both see different Ads – depending on the advertisers settings.
Modern browsers allow you to block Third-Party cookies and protect your Privacy. It is these Third-party Cookies that are of most concern to Privacy groups and the Law makers but First-Party cookies also fall under these rules.
So What’s New?
As of May 2011 websites need to gain permission from visitors before cookies are set. Because the Law had received such little publicity in 2011 coupled with the fact that most of the Government’s own website’s were not ready for compliance then we were all given 12 months grace. But time is up!
How do we Comply?
To comply fully with the Law a website must fulfil three requirements;
- prevent cookies being set when a visitor arrives at the website (unless prior consent has been given).
- provide information about the cookies that the site uses
- ask for visitor’s permission to set these cookies.
Please note that any cookie that is ‘strictly necessary’ in order for the website to function as intended does not require consent – this may include cookies such as for logged in areas or for shopping baskets etc..
The First Step – Cookie Audit
What’s a Cookie Audit and how do we do that?
A cookie audit is simply an review of all the cookies that are used on your website including their name, is and purpose.
However, if you would like to do this yourself then most browsers will be able to list the cookies contained on each page. From this you can then jot down each and using their id you can google for a definition of each cookie.
What then and how do we become fully Compliant?
If you would like to be fully compliant right from the 26 May 2012 then we have several solutions for you to choose from depending on your requirements.
Final Thoughts and Costs
We have seen businesses charging up to a £1000 to ensure websites become compliant and many others advertising £300 annual compliance contracts. These kind of figures are quite over-the-top for most websites in our opinion.
Please speak to us first for free and impartial advice.
Please do not hesitate to email or call on 01837 811277.
To learn more we would recommend visiting AllAboutCookies.org.