INSIGHTS•5 MIN READ
New Cookie Legislation
suem
Published on May 15, 2012
Published on Wealthy Affiliate — a platform for building real online businesses with modern training and AI.
I assume this is just a UK thing but I have just received an email from one of my affiliate companies advising that there is some new cookie legislation that comes into force on 26th May 2012. Well it apparently became law on 26th May 2011 but they are going to be enforcing it with effect from 26th May 2012.
Below are a few paragraphs from the e-mail:
What does the revised law mean?
The Cookie Law means that websites will need to get consent from customers to store or retrieve
any information on a computer or any other web connected device, such as a smartphone or tablet. With most websites using cookies and similar technologies, if your business has a website, you will need to look at making changes to it in order to adhere to the law. EVERY website uses cookies in some way and what you need to do is get your house in order and start making progress towards full compliance.
Why is this law coming into effect?
The law has been made to protect consumers’ online privacy by educating them about how their
information and behaviour is collected and used by websites. It aims to give consumers control over their own online privacy. In our opinion, one of the biggest challenges to that is the lack of general awareness of how the internet operates in the general public. Working in the industry we have a blinkered view of the level of understanding of the average internet user. The vast majority will NOT know what a cookie is or how these cookies enhance and impact their online experiences.
Are there any exceptions to the law?
The basis of the law exists around the ‘right to refuse’ a cookie... and there are exceptions
to the requirement to provide information about cookies and obtain consent where the use of the
cookie is one of the below:
For the sole purpose of carrying out the transmission of a communication over an electronic
communications network
Where such storage or access is ‘strictly necessary’ for the provision of an information society
service requested by the subscriber or user. For example, it is the same for intranet sites purely
targeted at your employees.
The term 'strictly necessary' means that such storage of or access to information should be
‘essential’, rather than ‘reasonably necessary’, for this exemption to apply. However, it will also be
restricted to what is essential to provide the service requested by the user, rather than what might
be essential for any other uses the service provider might wish to make of that data.
It should be noted, that where the use of a cookie type device is deemed 'important' rather than
'strictly necessary', those collecting the information are still obliged to provide information about
the device to the potential user and obtain consent.
Responsibility for providing the information and obtaining consent
The Regulations do not define exactly and clearly who should be responsible for providing the
information and obtaining the consent. However, you are responsible for complying with these
regulations if you operate an online service or website and it requires any use of a cookie type
device for your purposes only.
However, once a person has used such a device to store or access data on a device, that person will not be required to provide the information described and obtain consent on subsequent occasions, as long as they met these requirements initially. While the regulations do not require the relevant information to be provided on each occasion, they do not prevent this.
So, what do you need to do to inform consumers?
Basically, if you are using cookies on your website you will most likely need to make some changes.
You MUST inform your customers, but how you do this can be in a variety of ways. We recommend
that for the time-being you follow some or all of the following:
• Tell visitors to your website that the cookies are there
• Explain the purpose of these cookies
• Get the customer’s consent to store a cookie on their device
The Regulations are not entirely rigid about the information that you need to provide consumers
with, but the text should be sufficiently full and intelligible to allow individuals to clearly understand
the potential consequences of allowing storage and access to the information collected by the
device should they wish to do so.
I have had a look at a few major UK companies to see how they are dealing with this and some, such as BT, are using an implied consent. There is a pop up informing that the website is set to "allow all cookies" to give the best experience - if you don't want to allow all cookies then this can be changed at the bottom of the page but if you continue without changing the settings then you consent to this!
UK government is advising that they want to use cookies to store information and that some parts of the website won't work properly without this and are forcing you to tick a check box to agree to accept cookies.
As stated earlier this covers just about all UK sites which seems rather a lot to be policed but as cookies are essential for what we do it is important that we get this right without scaring off potential customers.
Does anyone have any ideas for the best way to handle this?
Below are a few paragraphs from the e-mail:
What does the revised law mean?
The Cookie Law means that websites will need to get consent from customers to store or retrieve
any information on a computer or any other web connected device, such as a smartphone or tablet. With most websites using cookies and similar technologies, if your business has a website, you will need to look at making changes to it in order to adhere to the law. EVERY website uses cookies in some way and what you need to do is get your house in order and start making progress towards full compliance.
Why is this law coming into effect?
The law has been made to protect consumers’ online privacy by educating them about how their
information and behaviour is collected and used by websites. It aims to give consumers control over their own online privacy. In our opinion, one of the biggest challenges to that is the lack of general awareness of how the internet operates in the general public. Working in the industry we have a blinkered view of the level of understanding of the average internet user. The vast majority will NOT know what a cookie is or how these cookies enhance and impact their online experiences.
Are there any exceptions to the law?
The basis of the law exists around the ‘right to refuse’ a cookie... and there are exceptions
to the requirement to provide information about cookies and obtain consent where the use of the
cookie is one of the below:
For the sole purpose of carrying out the transmission of a communication over an electronic
communications network
Where such storage or access is ‘strictly necessary’ for the provision of an information society
service requested by the subscriber or user. For example, it is the same for intranet sites purely
targeted at your employees.
The term 'strictly necessary' means that such storage of or access to information should be
‘essential’, rather than ‘reasonably necessary’, for this exemption to apply. However, it will also be
restricted to what is essential to provide the service requested by the user, rather than what might
be essential for any other uses the service provider might wish to make of that data.
It should be noted, that where the use of a cookie type device is deemed 'important' rather than
'strictly necessary', those collecting the information are still obliged to provide information about
the device to the potential user and obtain consent.
Responsibility for providing the information and obtaining consent
The Regulations do not define exactly and clearly who should be responsible for providing the
information and obtaining the consent. However, you are responsible for complying with these
regulations if you operate an online service or website and it requires any use of a cookie type
device for your purposes only.
However, once a person has used such a device to store or access data on a device, that person will not be required to provide the information described and obtain consent on subsequent occasions, as long as they met these requirements initially. While the regulations do not require the relevant information to be provided on each occasion, they do not prevent this.
So, what do you need to do to inform consumers?
Basically, if you are using cookies on your website you will most likely need to make some changes.
You MUST inform your customers, but how you do this can be in a variety of ways. We recommend
that for the time-being you follow some or all of the following:
• Tell visitors to your website that the cookies are there
• Explain the purpose of these cookies
• Get the customer’s consent to store a cookie on their device
The Regulations are not entirely rigid about the information that you need to provide consumers
with, but the text should be sufficiently full and intelligible to allow individuals to clearly understand
the potential consequences of allowing storage and access to the information collected by the
device should they wish to do so.
I have had a look at a few major UK companies to see how they are dealing with this and some, such as BT, are using an implied consent. There is a pop up informing that the website is set to "allow all cookies" to give the best experience - if you don't want to allow all cookies then this can be changed at the bottom of the page but if you continue without changing the settings then you consent to this!
UK government is advising that they want to use cookies to store information and that some parts of the website won't work properly without this and are forcing you to tick a check box to agree to accept cookies.
As stated earlier this covers just about all UK sites which seems rather a lot to be policed but as cookies are essential for what we do it is important that we get this right without scaring off potential customers.
Does anyone have any ideas for the best way to handle this?
Share this insight
This conversation is happening inside the community.
Join free to continue it.The Internet Changed. Now It Is Time to Build Differently.
If this article resonated, the next step is learning how to apply it. Inside Wealthy Affiliate, we break this down into practical steps you can use to build a real online business.
No credit card. Instant access.