New EU Cookie Law And What It Means For You

What Is A Cookie?

A cookie is a small text file that a website creates and refers to in order to perform certain functions and remember certain bits of information. For example, if you are browsing an online shop, you may notice a ‘recently viewed products’ section; this is usually generated from the information contained within a cookie. Cookies can also be used to gather analytical data, allowing webmasters to amend content as necessary, and to let a website know that you are logged in. Other uses can span websites: you may be searching for a product on one site and then find that the adverts on a separate site are for the product that you were searching for. As a general rule, the majority of cookies are anonymous, unobtrusive and help toward a better user experience.

There are, however, more sinister uses of cookies that you should be aware of. One important thing to note is that a cookie is not, and cannot contain, a virus. There is no code in a cookie and it cannot replicate itself. Cookies can, however, act as a form of spyware, as they can store information about the website or websites that you visit. Anti-spyware and anti-virus products often prompt the removal of cookies as a precautionary measure. It is this precaution which has made users more wary of allowing cookies.

What Exactly Does The EU Regulation Mean?

At the end of May 2012 new EU regulations come into force. These regulations stipulate that all sites that use cookies should seek explicit permission from users prior to setting and using cookies. 48 hours before the official UK deadline, the Information Commissioner’s Office (ICO) announced that it would be enforcing a rather watered-down regulation. UK webmasters are now allowed to assume implied consent and understanding of the use of cookies, provided that information about them is easily available, i.e. you can’t just hide it in a privacy policy page. Further to this change to the regulation, the ICO has laid out the notion that cookies fundamental to a site’s performance, as well as analytical cookies that anonymously track usage, are deemed to fall within the remit of implied consent. The emphasis, it would seem, is on malicious and so-called ‘third party’ (often advertising) cookies.

Enforcement of the EU/UK regulation falls in the hands of the ICO, and it has been on record as saying that non-compliant parties will be offered an option to outline their strategy to become compliant. It will also offer help to organisations which are unable to produce satisfactory strategies. There are monetary penalties that can be assessed; however, the ICO has said that:

“Monetary penalties can only be issued by this office [the Information Commissioner’s Office] in cases where there’s been a serious breach that’s likely to cause substantial damage to people, and where there is kind of a willful element towards non-compliance. Now it is difficult to imagine that non-compliance with the cookies rule is ever going to trigger a situation in which we would be able to issue a monetary penalty.”

The £500,000 penalties that are circulating are not false; such a penalty is merely highly unlikely ever to be used.

Further information can be found here: www.allaboutcookies.org

If you are worried about your own website’s compliance and would like to discuss simple, but effective solutions, please don’t hesitate to contact us.
