Call 03332 207 677
Everything You Need To Be Cookie Law Compliant
The new EU cookie law is due to come into effect in the UK on 26th May 2012. The Law has been in effect for over a year in the rest of the EU but the UK was given a one-year extension to conform.
Who is responsible for it?
The Information Commissioners Office (ICO) are responsible for enforcing the UK law and have the power to issues website owners fines up to £500,000 for serious breaches.
Who needs to conform?
The new EU Cookie Law applies to all countries within the EU, which is quite obvious, but what isn’t really that clear is that even countries outside of the EU may also need to conform.
For example if you are a website in the USA (or any other country) but you are targeting / selling to people in the UK you would also need to comply. This, I believe, will be one of the biggest hurdles for the ICO when it comes to enforcing the new rules.
Video Guide
To help get you ready for the law, we’ve put together a video guide. Alternatively you can browse the key points below:
What this means:
This means that before 26th May 2012 you will need to have something in place where you make it clear to your website visitors a chance to opt in (consent) rather than opt out (remove consent). You also need to tell them what cookies you are collecting and what you are using them for along with their degree of intrusiveness.
How websites gain consent is open to interpretation but it could mean anything from clicking a button, subscribing to the website’s service or dismissing a banner, toolbar or popup. There is also ambiguity over whether the consent needs to be gained prior to any cookies being set.
Not all cookies are baked the same:
Some cookies do not require consent to be gained; these are cookies that are strictly necessary for the site to function and are classed as ‘essential’:
- Essential Cookies are cookies that are strictly necessary for websites to serve their function such as cookies for shopping baskets, log-ins and security.
- Non Essential cookies are used for advertising such as affiliates, tracking and analytical purposes too.
What you need to do:
- Read the Guidance on the new cookies regulations from the ICO
- Check what cookies your website is using, we like Ghostery but other plugins are also available
- Update your privacy / cookie compliance policy to include a list of your cookies (for example Department for culture media and sport and GOV.UK) including what they are used for and you must ensure your privacy policy is easy to find.
- Pick a solution to use to gain consent (we have listed some below that we like)
- For goodness sake test to ensure your site still works in different browsers when you finish
3 Solutions:
- Cookie Control – This is our choice for compliance due to the customisations you can make to it and also it is totally free. They have different plugins for WordPress, Drupal 7 and Magento not to mention a standard website version which features a menu in the bottom of the website. But the main reason we love them is they support it very well and we even had a call with them to sort a issue we ran into, now that is service!
- Cookie OK – If you have a WordPress website and are looking for a simple WordPress plugin with a top banner display then this plugin could fit your needs.
- The Cookie Collective is a managed system where for a yearly fee it updates and alerts you to changes in your cookies so you can make the required amends.
Why I believe the ICO have got it all wrong:
I believe that they have got this all wrong, I understand the arguments for privacy and making things clear for website users with regards to what information is being stored, and what it is used for. But I disagree with how it is being implemented as I believe that the majority of website owners won’t even have a clue about the new law and their requirement to conform to it.
It is also unlikely to solve the problem – they are trying to improve security ( as well as privacy) for web users but I think it is unlikely anyone with harmful cookies is going to implement a consent option.
An easier solution:
Wouldn’t things be so much easier if the very few browsers in use today just had a simple feature that managed cookie compliance? That way users could do as they do today and say “hey just want to surf and im not interested and don’t want to be bothered with all this” or “actually I don’t want to share this information sign me out to everything” or even “Mr browser please let me pick my preference site by site or cookie by cookie”.
This way on every site it would be clear not just on the ones who either a) care or b) know about the new law, as I believe you will see well under 10% of websites conform to this or make any effort to conform. It is also very likely this will only be big companies scared of the ramifications and big fines. Because really are the ICO going to go after a two page mom and pop site with no revenue because they don’t conform? I don’t think so.
We will be using Cookie Control for the Koozai website and are ready to go live with it on the 25th, so what will you be doing to conform? Or will you not? I would love to know so either comment below or tweet me.
Image Source
Freshly baked chocolate chip cookies via BigStock
Share this post
About the author
Ben Norman
Ben’s the big boss, so we can’t pick on him. He’s a bit of a technical SEO geek and loves tinkering with new websites. Ben lives and breathes the industry so we’re not sure what else he does with his time. We don’t even think he sleeps.
I’d love to see how they are going to enforce this on anybody except a few BigCo test cases…..
Definately, it’s practially impossible to police. As there’s so many different methods of implementation it’s not like they can just search a site code to see where it isn’t included.
Not to mention that the tracking codes could be hidden in includes. What happens if someone at the ICO views a site, accepts cookies and then someone else on the same IP comes along? In theory they won’t see the pop-up and if it’s hidden in the code, they won’t find that either.
Also the punishment doesn’t fit the crime. £500,000 is extreme and does signify that it’s mainly a punishment for the mega brands. It would cripple most businesses.
notice there is no mention anywhere (in the law that is) about flash cookies.
I believe they don’t fall under current proposed legislation.
And to top it off, have you ever tried deleting your flash cookies? If not, try it now, and post how long it took
Flash cookies are included, as is web beacons as already stated how they will address the law will take ages to set precedence.
Nice post, I think I will suck it and see, after all we all know what happened to the ICO when they implemented cookie opt in, I think this could be construed as very anti competitive as non eu companies will still be able to track and we all know the value of analytics in seo. Do you know how many eu sites have implemented this, and how?
Thanks for the article and resources.
It would make more sense to make the giving permission part compulsory.
See, if you only show a strip or similar with a link to your policy and the option to give permission without making this compulsory before allowing people to continue using your site, people could easily ignore that, and then if something goes wrong, they could later claim you never asked them for permission.
Regardless of how likely that is to happen, it’s not worth taking chances.
So when someone comes on my website, the first thing they’ll see is a modal pop-up opening with an explanation that my business has to solicit their permission in order to comply with the EU cookie law, the required information in laymen terms for them to read, and a ‘I agree to give permission, continue to website’ button. They will not be able to close the modal pop-up until they’ve clicked on this button. The only other option they have is to close the browser tab or go to another website.
Harsh.
Horrid UX. Having said that, it’s lousy UX to expect me to fill out two compulsory fields so that I can post a comment (it’s an inconvenient interruption), yet it’s done on many sites and many people still comply if they feel they have something important to say. All I will be asking for from my visitors is to click a button. Whether they actually read the policy is up to them. If they feel it’s important to browse my site, they only need to click ONE button.
Will I still lose some readers or clients? Probably.
But it keeps my business safe from the ICO, whether or not they’re likely to fine me for breaking the law.
I’m damned if I do and damned if I don’t.
I’m erring on the side of caution because not every website visitor is going to be turned off by the fact I’m abiding by a law that some Eurocrat dreamed up.
I’d rather lose some visitors than be hit with a fine. It’s a no-brainer in my book.
My question is, will I need to show the modal box again to a returning visitor when they’ve already given permission the last time they visited? Perhaps I should add another check box saying, “Please don’t ask again.”
By the way, the EU cookie law is being talked about all the time on Twitter so awareness is spreading. Check out the #cookielaw hashtag to see for yourself. Whether that means the law will be significantly improved or abolished, I’ve no idea. But if people don’t know about it, they soon will.
If this stupidity has been active in the EU for over a year now, does anybody have any evidence or knowledge of Court Cases having been brought by the EU Courts for non-compliance. You would think that there would be a few by now and, if so, what was the outcome and level of fines (if any !!)??
What do you think?
Latest Posts
Samantha Noble Is #6 Of The Top 25 Most Influential PPC Experts
Our friends at PPC Hero recently released their annual list of the top 25 most influential PPC experts and I’m delighted to announce that our Client Strategy Director Samantha Noble came in at sixth place. Everyone at Koozai knows what a PPC superstar Sam is so we couldn’t be more proud of her.
Virtual Insanity: How VR Is Taking Over The World
A few months ago, I drove a scooter through a cartoon market whilst being chased by a giant eagle. I raced through the streets and burst through various vibrant shopping stalls, occasionally looking over my shoulder to check whether the ginormous purple bird was gaining on me. Before you ask, no, I wasn’t high, and […]
Koozai Shortlisted For Even More Awards
Here at Koozai we put a lot of work into our clients’ campaigns so we always love it when we see our team’s effort being rewarded with not one, not two, not even three or four – but five of our award nominations being shortlisted.The Drum Search Award Winners 2016 Best Retail Ecommerce SEO Campaign
We’ve needed to have a shuffle of our awards cabinet as we’ve got another award to add to our arsenal. You may have seen from our Twitter posts just how excited we were to have been shortlisted for The Drum Search Awards 2016. Well, we are now super proud to announce that we have won Best […]
How To Hijack Hashtags
Piggybacking on news stories isn’t exactly breaking the mould. PR’s have been doing it for years. When executed well it can be incredibly successful for your brand. So how about hijacking hashtags? Can this work for your brand?Dominating the Paid Media Universe #TheInbounder
Today I had the honour of speaking at The Inbounder conference in Valencia on the subject of paid media and how we as advertisers should be utilising as many of the relevant platforms as possible to channel our audiences through the purchase funnel.Win A Ticket To The Inbounder Conference 2016 Worth €400!
You heard us right, Koozai are giving one lucky person the chance to attend Europe’s biggest digital marketing event of the year, The Inbounder Global Conference 2016.
31 Things We Learned When Majestic’s Dixon Jones Visited Koozai
We recently had the pleasure of welcoming Majestic’s Dixon Jones (@Dixon_Jones) to the #KoozAcademy to give us a complete understanding of what is possibly one of the most important tools for SEO and the content needed for researching and monitoring websites.Samantha Noble to talk PPC Funnels at The Inbounder Conference 2016
Good news at Koozai HQ. I’m pleased to announce that on the weekend of 19-20 May I will be attending and speaking at The Inbounder Global Conference. This year’s conference will be taking place in Valencia and will be their biggest yet with over 800 early bird tickets already sold.Koozai and Papa John’s Shortlisted for 2 #EUSearchAwards
We are extremely excited to announce that we have been shortlisted, not once but twice, for this year’s EU Search Awards! The two categories are Best Use of Search for Retail and Best Local Campaign. Both of these nominations have been for our ongoing and dedicated work with Papa John’s, the highly successful pizza delivery […]
The Ultimate Guide To Using SISTRIX For SEO Success
SISTRIX encompasses so many features that I could probably write about it from a range of different perspectives, but today I’ve looked at some of its key elements from an SEO standpoint. If you’re looking to compare your site’s visibility within the SERPs to that of your competitors’ sites while also monitoring keyword changes and […]
7 Comments