European Cookie Law
This is just a heads-up post to provide a quick explanation of the European Cookie Law, which came into force today, 26th May 2012.
If you’re not familiar with it, you can read more about it below:
- ICO guidelines – https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/
- Brief overview of legal aspects and documents – http://www.out-law.com/page-10021
- BBC news article – http://www.bbc.co.uk/news/technology-18206810
In short, it forces all companies which operate in the EU to disclose and provide users with information about any cookies stored on their computers while accessing the website or service. Moreover, if you use tracking cookies, you are required to seek the user’s consent.
If you don’t know what a cookie is – it’s a small text file which is created and stored in your browser whenever the website needs to save some information about the current user. A typical cookie usage would be at login/logout – it stores some unique data to identify the user or to log you back in automatically. If you use Google Analytics code in your website, it tracks user statistics using a special set of cookies. The same goes for Facebook Like buttons, Twitter widgets, etc. A more detailed article can be found on Wikipedia – http://en.wikipedia.org/wiki/HTTP_cookie.
What you need to do
A rather quick solution to comply with the law:
- Decide whether the cookies used can be classified as required to provide a service and are thus exempt from obtaining prior user consent
- If necessary, implement functionality to allow usage of cookies selectively for users who have given prior consent. This last step might take development time and needs to be considered and planned carefully, as it might involve changes to existing functionality.
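One way to implement the selective-cookie step above, as an added example that is not from the original post. The cookie names, the categories, the `cookie_consent` cookie and its `|`-separated format are all assumptions; which cookies count as required for the service is the decision made in the first step.

```javascript
// Constructed inventory: cookie names and categories are assumptions for this example.
const INVENTORY = new Map([
  ["session_id", "essential"],     // login state, required to provide the service
  ["cookie_consent", "essential"], // remembers the user's choice
  ["analytics_id", "analytics"],   // visitor statistics
  ["social_widget", "social"],     // embedded like/share buttons
]);
const OPTIONAL = new Set([...INVENTORY.values()].filter((c) => c !== "essential"));

// Parse a Cookie request header ("a=1; b=2") into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    const name = eq < 0 ? "" : part.slice(0, eq).trim();
    if (name) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Categories the user agreed to, read from the consent cookie ("analytics|social").
// Values that are not known optional categories are ignored.
function consentedCategories(jar) {
  const raw = jar.get("cookie_consent") || "";
  return new Set(raw.split("|").map((c) => c.trim()).filter((c) => OPTIONAL.has(c)));
}

// Essential cookies are always allowed; cookies missing from the inventory are refused.
function mayStore(name, consent) {
  const category = INVENTORY.get(name);
  if (category === undefined) return false;
  return category === "essential" || consent.has(category);
}

// Decide, for one request, which pending cookies to send, which to hold back,
// and which optional cookies already in the browser no longer have consent.
function applyConsent(cookieHeader, pendingNames) {
  const jar = parseCookieHeader(cookieHeader);
  const consent = consentedCategories(jar);
  return {
    set: pendingNames.filter((n) => mayStore(n, consent)),
    withheld: pendingNames.filter((n) => !mayStore(n, consent)),
    expire: [...jar.keys()].filter((n) => INVENTORY.has(n) && !mayStore(n, consent)),
  };
}
```

Refusing cookies that are missing from the inventory means a newly added widget or script cannot start storing data until someone has classified it.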
Examples of what other websites already do
- BBC – http://www.bbc.co.uk/privacy/cookies/bbc/
- Guardian – http://www.guardian.co.uk/info/cookies
- HSBC – https://www.business.hsbc.co.uk/1/2/legal/cookie-policy