Are you ready to comply with the new Cookie Law which is set to be enforced on Saturday 26th May 2012. The law looks to stop the use of cookies tracking browsing habits anonymously, without consent. So, if you use cookies as part of your marketing or advertising strategy, under the new law you are required to obtain users opt-in if you want to drop cookies onto their browsers, and its not device specific.
The law relates to the placement of cookies on all devices including mobile. The fines for breaching the the law can be anything up to a maximum of £500,000 in the worst case scenario.
Basically, to comply with the law you need to provide "clear and comprehensive" information about the use of cookies on your site and provide your users with an option to opt-in or out of cookie deployment.
The new law, comprising an amendment to the EC's
Privacy and Electronic Communications Directive, actually came into effect on 26th May 2011 but the ICO gave businesses 12 months grace to comply and alter their processes in line with the law. However, a study conducted by KPMG last month concluded that 95% of UK business had yet to fall in line.
I believe it was hoped that in that 12 month window, industry would respond to the new law with technological solutions to deliver, for example, a browser based solution/plug-in allowing users to opt-in or out of a sites cookie usage. But as far as I can see, no industry quick-fix solution or best practice has emerged and the examples of how companies have tackled the problem are very light indeed. The ICO itself has crudely made sure its site is compliant already by
adding an alert banner to the top of its site stating "The ICO would like to place cookies on your computer to help us make this website better" and then a check box for the user to acknowledge they have read and understood their privacy notice.
It has been made clear that the ICO will be investigating all UK websites that fail to comply, especially if a
complaint is made using their online complaint form, against your company for using cookies incorrectly.
We highly recommend you read the
advice and
guidance published by the ICO on their website and use it to help you correctly audit your site and understand exactly what and how many cookies your systems are placing on peoples computers enabling you to make an informed decision about the correct compliance solution for your business. You are probably using cookies if your site displays adverts of any kind, banners, google text ads, Message Plus Units etc. If you are using Google Analytics, you are probably going to need compliance too!
Whilst researching the cookie law I came across
The Cookie Collective who have a free to use Google Chrome plug-in called
Optanon Audit, that you can use to Audit yourself and see how many cookies you are using. (I haven't registered for or tested the plugin yet, so can't review or comment on it)
Hopefully after using a tool like this, you will then be better informed of what your website does actually pass to your users computers and devices and be able to plan for compliance.
For an annual fee of £295+VAT you could use The Cookie Collectives' fully managed software service
OPTANON, which is a combination of the audit tool and an advanced compliance management service that they state as making your website cookie legal! It does this by creating a customised opt-in overlay for your website that 'should' cover you under the new EU cookie law.
But for now, the ICO have said they would be happy for businesses to at least of conducted an audit of their site and be in the process of constructing a plan for compliance. So as long as you and I are seen to be making positive advances we'll be OK, for now!
If you come across any clever solutions to this legislation, let us all know by leaving a comment below.