Keep your web cookies legal

It might have passed under the radar of many small-business owners, but from 26 May 2011, it has been illegal to use web cookies on your website without first seeking permission from users. Emma Allen finds out what this means for your website.

To comply with this web cookie law, businesses must amend their websites accordingly — either by removing web cookies completely or by installing a method of requesting user consent, such as pop-up windows on a home page.

You must also explain to people how you use web cookies and what data they collect.

What are cookies?

So what are cookies and how do they work? “Cookies act as a record of where you have been online, such as which sites and pages you have visited,” says Stuart Mackintosh, managing director of IT consultancy OpusVL.

“By installing a piece of code on to a site user’s computer, they enable websites to remember consumers and their online preferences, such as login details, surfing history and buying habits. Generally, they are beneficial — without them, online shopping would be much harder,” he points out.

The web cookies law

According to the Information Commissioner’s Office (ICO), the body responsible for regulating the new law, most UK business sites use web cookies in some form or another.

Mackintosh advises any website owner to carry out an audit to assess what web cookies are used, what purpose they serve and how intrusive they are.

“Crucially, [the new law] states that consent must only be sought if personal data is being stored about a consumer,” he explains.

“If cookies are used purely to manage the transaction process, by remembering what is in the consumer’s basket, for instance, they are deemed ‘strictly necessary’ and consent is not required.”

Third-party web cookies

However, the situation is more complex if your website uses third-party cookies.

“If you use or allow cookies to track visitors from any external sites, or use third-party advertisements, both of which are likely to store personal information about visitors for marketing purposes, you will need to provide visitors with a clear method of opting out,” Mackintosh stresses.

Opting out from web cookies

This can be achieved in several ways, the most obvious being a pop-up window. “But pop-ups are intrusive and web users typically don’t like them,” Mackintosh points out.

An alternative is to set up a permanent element on a home page. “For instance, you could build a box on the right-hand side that slides up and down, displaying the site’s cookie status.”

For websites that sell products or those that require users to register first, the most straightforward way to secure consent for web cookies is to direct customers to a terms-and-conditions page.

To comply with best practice, you should also set out a privacy policy on your site that explains what web cookies are and how your business uses them. “It’s worth making sure that users can link directly to this from anywhere on your site,” advises Mackintosh.

Web cookie law: the cost

Lastly, what about the expense? Put simply, the fee to update a website will depend on the site itself and how web cookies are used.

“If it’s a simple site, it’s a very easy job to turn off cookies. But if you’ve got a complicated ecommerce site, it could cost thousands to solve the problem and find a viable alternative long term,” he warns.

Whichever route you choose, the use of web cookies needs to be clearly displayed on your website. “Don’t make things obscure because this could lead to complaints, or worse, later in 2012 you could be prosecuted,” Mackintosh concludes.

Popular content related to web cookies:

• Making sense of EU cookie law
• The benefits of web analytics
• Is your website still legal? How to comply with cookie law

Find more articles, videos and tools on web cookies in the Resources box on the right.