The New EU Cookie Law: ePrivacy for eDiots

[And What Businesses Can Do to Respond to It]

You have been warned. In fact, you’ve had more than a year and a half since it was first announced that the EU ePrivacy law was coming into force. So, whilst it may be a daft Eurocrat edict, it’s here, and you’ll have to deal with it.

The new EU Cookie Law is coming into force on 26th May 2012 so, for your benefit, here is a sensible guide and next steps for businesses in the UK wanting to ensure that they understand this law and are taking proactive steps to tackle it for their website.

Not Heard About The ePrivacy Law?

This law forces all website owners to inform website users clearly about the ‘cookies’ their site sets (small files placed on the user’s computer to identify that they have visited the site), and to give clear direction on how users can opt out of cookies placed on their computer.

However, not all cookies are equal. A cookie which is deemed essential to the operation of a website (for example a cookie used for a shopping basket on an ecommerce site) is an example of what is acceptable and necessary. A hidden third-party tracking cookie shared with advertisers is an example of what is being specifically targeted by this law.

Put simply, the more intrusive or unnecessary the use of the cookie – the more you need to seek overt consent from your website visitors.

Which Cookies to Watch Out For?

These are the types of cookies which need proactive action on your site. You almost certainly will be using at least Analytics:

  • Analytics – third party and non-essential to the workings of your website. First party (hosted) ones still need to be identified
  • Advertising – first or third party advertising cookies will need to be overtly opted into
  • Affiliate – similar to advertising, if you use affiliate cookies you are sharing cookie data with third parties
  • User Identification – any cookies used to identify return visitors

Before May, at Least Demonstrate an Intent to Comply

It sounds like a disaster, and if implemented on 100% of websites, then the new ePrivacy law would not only be extremely expensive to comply with, but ultimately frustrate all website users to the extreme. Imagine if every site you visited had ‘tick this’ or ‘click that’ as banners or pop ups? Nerves would be frayed.

However, the important point is this: you need to do something. Here are four steps you can take straight away in order to show that you are taking this matter seriously:

  1. Update your privacy policy – the chances are that your privacy policy is not up to date with the latest information on the cookies you set, and what their purposes are. You need to do this anyway so it should be done as a matter of course
  2. Download a suitable document with guidelines – it is important that you can demonstrate that you are not just operating on your own instinct. Our recommendation is to download the IAB (Interactive Advertising Bureau) guidelines on the ePrivacy directive, print them off, and keep them for reference to demonstrate that you’re compliant
  3. Conduct a cookie audit – discover every cookie your site sets when visited and document the purposes they are used for
  4. Remove unnecessary cookies – many sites set cookies which are never used. For example, your site may be using a content-management system which sets a cookie that you don’t actually NEED: so make it optional or don’t set it

However, for some using Third Party Cookies this may not be enough. It is important to perform the audit and then seek legal advice to ensure that your policies are compliant and you are taking enough action on your site to comply with the law.

Want Some Help With This?

You can do all these things yourself, but you may want an independent audit from an agency familiar with all these things, not only to tell you which cookies you set, but also to provide clear reporting and guidance on what to do about it.

Just contact us, mentioning ePrivacy in our contact form, or call 01962 605 000 and we’ll be able to help.