A new directive, which covers how websites use ‘cookies’ and similar technologies for storing information on a user’s equipment, such as their computer or mobile device, came into force in Europe on 26 May 2011. If cookies are used in a site certain information must be given to that site’s visitors and the user must give his or her consent to the placing of the cookies on their computer.
The Information Commissioner’s Office (ICO) has said that websites need to be sure their cookies comply with the new law, but because of confusion surrounding the implementation, a year’s grace was given for websites to adhere to the new law. The deadline was 26 May 2012.
What is a cookie?
What is their use?
Cookies help your internet browser to navigate a website and also enable you to use all a site’s features like logins, preferences, online shopping carts, language settings and themes, amongst other features. The interaction between users and web sites is also made faster and easier with cookies.
Cookies are solely used to help your browser process a website: they do not collect information from your computer, or snoop on your files. Without cookies it would be very difficult for a web site to allow a visitor to use an online shopping cart, or remember the user’s preferences or registration details in future visits.
Cookies are also used by web sites for the purposes of collecting demographic information about their visitors. Once again, the information gathered cannot personally identify specific visitors to a site, and uses tracking for routine administration and maintenance purposes.
Are cookies dangerous?
Cookies are not dangerous, they are small pieces of text, not computer programs. They can’t be executed as code, nor used to disseminate viruses. Additionally, modern browsers allow users to set their own limitations to the number of cookies saved on their hard drives.
Cookies and privacy
Cookies cannot access your hard drive, so a cookie can’t read other information saved there, or obtain a user’s e-mail address etc. Cookies only contain and transfer to the server as much information as the users themselves have disclosed to a certain web site.
The most common reason for users rejecting cookies, is that information such as surfing habits may be passed to third party web sites without a user’s knowledge or consent. Even though a server cannot set a cookie for a domain that it is not a member of, users quite often find cookies on their computer from web sites that they have never visited. These cookies are usually set by companies that sell internet advertising on behalf of other web sites.
What does this mean for web site owners?
The ICO states that,
“Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
The Regulations are not prescriptive about the sort of information that should be provided, but the text should be sufficiently full and intelligible to allow individuals to clearly understand the potential consequences of allowing storage and access to the information collected by the device should they wish to do so.
Exemptions from the right to refuse a cookie
The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:
- for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
- where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.”
In other words, it is left up to web designers, developers etc. to sort out the best solutions for clients’ websites with regards to telling their site visitors about any usage of cookies.
For more information on cookies see the Information Commissioners Office
Contact us for help in making your website compliant with the new EU Cookie Law.