Monday, 28 May 2012

Cookie nightmare!

Maybe I've been living in a cave or something but I only heard about the new EU cookie law a few days ago so have spent hours reading up on it and finding out what I need to do to comply.  From 26th May it became law that websites based in the EU (and targeted to people in the EU) must tell people what cookies they use and get consent for non-essential cookies to be used.

I am certainly no computer expert but think I have a good basic understanding - although it turns out I really didn't know that much about cookies!  And according to the ICO's statistics only 13% of people fully understand how cookies work.  I hope if I share some of what I have learnt it might help someone else!

What is a cookie?
A cookie is a small text file downloaded onto a computer to send useful information back to the website.
Some cookies are essential to the running of the site and if cookies are disabled parts of the website might not work - for example cookies used to remember the contents of your shopping basket when proceeding to checkout.  These cookies are exempt from the law.
Other cookies are used for things like tracking visitors to your site (Google Analytics) and even plugins from places like facebook use cookies.

What do I need to do?
This is a bit confusing - especially as they changed the rules to say that 'implied consent' is a valid form of consent now.
Some websites now have pop-ups with a tick box for agreeing to the use of cookies.  But as most people don't understand cookies they will probably tick 'No' which will mean websites won't be able to properly analyse how people use their sites to improve them.
Even a lot of large websites aren't using the pop-up technique yet and with 'implied consent' something along the lines of an updated privacy policy page seems more sensible.  A few lines to explain that you use cookies, what they are for and what to do if visitors are not happy about cookies being used.

Do I have cookies on my website?
The ICO recommends that you conduct a cookie audit.  Apparently it's easy to see some types of cookies you have and you should get your IT department to check for the rest.  I thought that sounded great - it's just me, I don't have an IT department and don't want to pay someone else to do it for me.
After much research I've found that you can see exactly what cookies are on websites using Google Chrome (free to download!)
When your website is up, click on the spanner symbol (top right - 'Customise and control Google Chrome').  Go to Tools >> Developer Tools and a window comes up along the bottom of the screen.
Under Resources there's a drop down box for Cookies - listing all the cookies on that page (remember to check all the pages on your site).
This site has more information on doing a cookie audit:

Can't I just ignore this and hope it goes away?
There are probably thousands of websites now breaking the law and I really doubt whether they will go after every small business or blogger.  But there is a maximum penalty of £500,000 and I'd rather do something now than pay a fine later!  The ICO wants to encourage compliance so you at least need to show you are working towards complying (eg cookie audit) and they're more likely to help you before handing out a large fine.

I suppose there are some cookies where this law will be a good thing and it is probably targeted at larger companies, but it seems over the top to me when most cookies are safe.  It's already annoying coming across websites that keep asking for you to accept cookies and as most people don't understand them it's more likely to scare users and turn people away from using the sites.  By adjusting the privacy settings in your browser options you can already choose how you want cookies to work on your computer.  Perhaps it should be up to users to make sure their settings are correct to protect themselves from intrusive tracking cookies, like you use anti-virus software to protect your computer.
Hopefully I have done enough to now comply with this law! (Here's the piece I have added to my website)

No comments:

Post a Comment