A Quick Review Of The Law
- The law was amended on 26th May 2011. Before, users had to ‘opt out’ of having cookies dropped; they now have to ‘opt in’.
- As of 26th May 2012, the year-long grace period that UK websites were granted to bring their activities in line with the law ends. UK websites now need to obtain the consent of users before placing cookies onto their browsers or devices.
- Websites need to be transparent about the cookies they use, be clear about what data the cookie contains and how they are going to use that data.
- Users need to be told about any cookie that may build a profile about them. The information needs to be made apparent to them so they are able to make an informed decision.
Why Is This Law Significant?
Cookies are needed by some websites just to operate properly (for example, to remember users’ preferences such as font size). These types of cookies are deemed ‘unintrusive’ and are necessary for functionality.
Cookies are used to gain valuable insights into user behavior through analytic cookies. Under the black and white of the law, only users who have opted in for analytic cookies can be tracked.
Digital advertising relies on cookies to measure performance and effectiveness of campaigns. These activities generate high revenues for online businesses and full compliance with the law could mean that these businesses lose revenue.
What Can You As A Website Owner Do?
Most websites have by now begun to take steps towards becoming more compliant with the law, and we are beginning to see real-life examples of how these websites are going about asking for consent. If you as a website owner haven’t yet thought about this, then you might want to think about doing the following:
- Undertake an audit of the cookies you use
Before you can tell users what cookies you are using, you need to be clear about that yourself. Analysing what cookies you use and what information they store is the best place to start. There are browser add-ons that you can use to count cookies. The easiest way is to install one, and then explore your site like a user would.
- Analyse those cookies and decide which are necessary
Once you know what cookies your site uses, analyse them and identify ones that you might want to stop using. This is your opportunity to ‘clean up’ those cookies.
- Update your privacy policy.
Be as transparent as possible so that users are clear on what cookies you are using and what they do.
Asking For Consent
- Pop Ups
Pop ups are the most unpopular option as they disrupt the user experience. Using pop ups to ask for user permission is likely to result in higher bounce rates or, worse, send the traffic into the hands of your competitors. BT has opted for this route and they have placed the pop up in the bottom right-hand corner of the page.
- Lock the site until you get consent
Locking your site until you get consent seems like a risky option. Using consent as an entry barrier is something that the Financial Times has trialed. Their message alerts users to their amended policy; however, there is no button to opt out. The user is given no choice. Once the user clicks close, the organization is assuming consent. This may work for them as they have great brand strength and a unique brand offering; however, not all brands will be able to use this option.
- Ask for permission in a header or footer banner
This is more discreet than a pop up, yet if it’s not done well it’s possible that users may not notice it. If users ignore it and continue through the site, it could be argued that their consent is implied. The legislation aims for websites to educate users and allow them to make an informed, active decision. Fortune Cookie has created a (downloadable) widget for the footer of their site.
- Obtain consent when users sign up for your services
If you choose to tie the cookie consent request to a sign-up process on your site, it’s important that this is clear to the users in your terms and conditions. You are effectively marrying the consent process with your marketing activities and the user should know this. It is also important that you contact your existing users to notify them of the update and request their permission as well.
- Make the link to your cookie information page more prominent
A rather incompetent approach is to add a link about cookies in the top right corner of the page, and it would appear that this is a route that websites are taking. This approach does not actively seek the users’ permission and therefore does not fully comply with the law.
Should the ICO contact you about your website, you need to be able to demonstrate that you have taken action. Be ready to show them your audit and the actions you have taken and plan to take.
Gillian Cook is a search executive at SEOptimise, a search agency based in London and Oxford. While this post has been written to inform web owners of the changes in the law, Gillian is not a lawyer. If you want more information about the law in the UK you can read the full legislation here: www.legislation.gov.uk/uksi/2011/1208/contents/made