How To Be Cookie Law Compliant: Video Guide

Hi. Today I want to talk to you a bit about the new EU Cookie Law that’s going to be coming into effect on the 26th of May, 2012. So the new Cookie Law is being put in place by and regulated by the ICO, who are going to be responsible for making sure that websites actually conform and are making an effort to conform to the new guidelines that have been laid out.

Now we’ve already had a year-long extension. In the rest of the EU, this has been in effect for quite a while. We had an extra year. That comes to an end soon, and it’s going to be important as website owners we’re actually making an effort to conform. Otherwise the ICO will be dishing out fines of up to £500,000 for serious breaches, which, let’s face it, nobody wants.

So what does it all mean and why is it here? I mean the reason this has been brought in is, up until now, most of the time when a website user comes to a website, the website is dropping cookies on their computer and using that to store information, and we’re using that to track different things to create a better user experience or to save a shopping basket transaction.

Now, some of these cookies are essential. For example, someone’s going around and they’re adding things to their shopping cart. If you can’t drop a cookie to store what they’re actually shopping and looking for and they’re not logged in, there’s no way you can do it. So these are essential cookies, and they’re going to be unaffected. But things like analytic cookies and cookies that monitor and track behaviour, user behaviour, and customise websites based on their behaviour or show different advertisements, these are non-essential, and this comes under the new EU Cookie Directive. So it’s important that we go a way to try and conform.

So from now on, what is supposed to happen is that when a user turns up at a website, it’s very clear what cookies are being stored, and they have to actually explicitly consent to those cookies being stored. So for different websites, this is all open to interpretation, and people are interpreting this in different ways. Some are interpreting it in the way of when people turn up, we store no cookies until the time that someone actually clicks on a banner or a button saying “I allow cookies to be stored.” Others are going down the route of making it very clear that cookies are being stored and saying you can sign out, you just press this button, follow these instructions, no cookies are stored, and you have the choice.

Now people are interpreting it in different ways. It’s going to be up to you how you interpret it and how you put something in place. The important thing is that you actually take action and put something in place before the deadline of the 26th.

So what you need to do now, what I would advise is that you go to the ICO’s website and you read their guidance regulations on the new Cookie Law, because in there, they lay out different things about how things should be done, what should be tracked, what shouldn’t. They are a bit wooly, and they are a bit fluffy. I’ve read them about three times now, and the more you read it, the more confusing, quite frankly, it gets, because they’re not very clear on any part of it, and I’m sure that after the 26th there are going to be cases brought against different websites that haven’t conformed, and there are going to be lots of arguments in court. So we’re just going to have to wait and see. The important thing is that you read them, you try to understand them, and you go some way to make an effort to put something in place.

The next thing to do is check your cookies. What cookies is your website dropping on users’ machines. It may be that you don’t have any cookies. It would be very unlikely, because it would mean you don’t have essential things, like Google Analytics or some sort of analytics program or package in place, which would be criminal, quite frankly, because you don’t know what’s going on. We use something called Ghostery. It’s a free bit of software that you download, compatible with most browsers. Then when you’re surfing a website, it will tell you exactly what cookies are being dropped onto your machine. So you can use this to quickly see what cookies have been dropped, what they’re being used for, and the level of intrusiveness for them. So whether they’re essential or nonessential cookies.

Then the next thing you’re going to need to do when you’ve got all of this data from your cookies is to update your privacy or cookie policy or combined policy, whichever one you have. Now, there’s a blog post that goes with this video, you can find on the Koozai blog, and that goes into more tools and ways in which we do this, and examples of people that are doing this quite well for you to have a look at.

Now once you’ve got that policy, it’s important that you go back to guidelines and make sure that you are being really clear and you are outlining everything, because this is something that will be checked, I suppose, if they’re going to go and bring cases against anyone. So the more effort you can make, the less chance you’ve got of someone coming after you.

The next thing you’re going to need to do is implement a solution based on what you found. Now, there are several out there. There are three different ones that we looked at. The one that we actually went with was a tool called Cookie Control. Now, this is a free tool. They allow you to customise it really well with a choice of colours and locations. It’s just a little triangle that sits in the bottom left or right of your screen, and when a new user hits your website, a little pop-up comes up making it really clear that you’re going to store cookies and is this okay. If not, click here and we’re not going to store cookies. You can even set it so it won’t store cookies to start with. There’s lots of customisation.

The guys there are really friendly, and they support the tool even though it is a free tool. If you’ve got WordPress or Magento sites, they’ve got plug-ins for all of that. Really good. That’s exactly what we’re going to be using. Come May 26th, that’s exactly what’s going to be going on the Koozai site. It’s not there yet. It will be going live on the 25, the day before.

Another tool is “Cookie OK”. This is another tool whereby there’s a banner along the top and very, very similar in the way that it works, apart from it’s a banner along the top, so it’s really your personal preference on how you want it. That is for WordPress, so a nice little WordPress plug-in.

The Cookie Collective is more of a managed solution. So you’d go through them. They would help you analyse all of your cookies, make sure your privacy policy is updated. So there’s a bit more hand-holding there. And then their software that installs, it will monitor your website, and if a cookie gets updated, they will alert you so that you can update your policy.

So it depends on which service you want, whether you want to pay for it, whether you want a free solution. Like I said, the one we are using is Cookie Control and we love it.

The fifth thing is test. Can’t stress it enough. We installed a few of these plug-ins to play with, and nearly every time you install something it looks fine. One example is we went to Internet Explorer, and the page wasn’t displaying right because a bit of code was wrong. Once that was corrected, it’s all fine, but really important, whatever you do, you test.

The other important thing is don’t just wait, don’t just sit there and do nothing. You need to try and go some way to conform with this. The other important thing worth noting is the way that it’s described, and it depends which way you read it, but it looks very likely that even if you are not part of the EU, if you are, say, a US company, but you deal with the UK for business, you’re actually approaching, trying to sell to the UK, you are going to still be bound by this law and you’re still going to be expected to conform. Now I don’t know how they’re going police this or how they’re going to try and attempt to prosecute, but that will be down to them after the 26th.

The most important thing, like I keep saying, is you try and do something, put something in place, go some way to conform, because then they’re not going to come after you. They’re going to go after the people who just totally ignore it.

So thanks for watching. For more videos, check out Koozai TV. Check out the blog post, and we’d love to know what you’re doing about the new cookie law, so leave a comment, or tweet me, or hit us on any of our social media properties. Thanks a lot.