In this article we well be giving a closer look to cookies, a legal requirements in the UK (especially in the light of the EU cookie law on online privacy), as well as possible fines against website owners if this policy is infringed. We also look at some potential solutions and make some recommendations.
Any website available to visitors from European countries must be compliant with the e-privacy directive. This aims to prevent information or data being stored on individual users’ private computers (or mobile devices such as tablets or smart phones) without them being aware and confirming their agreement. If such tracking is not essential, users must be informed that cookies are being used – and why. The user must positively indicate their acceptance by means of a check box or click, not by default.
When consent is obtained, the user must be allowed to subsequently withdraw it in the future, should they wish. Cookies are not specifically named in the EU directive, although they are clearly subject to the legislation. Any technique to store information is included, such as image tracking and browser fingerprinting. One exception applies, when such cookies etc. are essential to provide a service – in effect, when the communication is requested by the visitor to the web page. Shopping baskets on web sites would be one example. However, this exception does not include advertising, analytics (web tracking statistics) or customised greetings – these are implicated and must comply. If not, fines of up to £500,000 can be levied, although it is understood that information and enforcement notices are normally issued first by the ICO (the Information Commissioner’s Office), the organisation responsible for this within the UK.
After an initial information campaign, it is thought that the ICO and equivalent European bodies will primarily respond to complaints, as opposed to actively policing every website which might store data. The ICO has said it intends to focus on the most intrusive cookies – this may (or, frustratingly vaguely, may not) include cookies that count visitors. It is perhaps for this reason that some industry experts consider the law difficult to comply with, vague or ambiguous – and even unworkable in parts.
The current EU cookie law places responsibility for checking compliance with website owners. In practice, this is complicated – few non-experts fully appreciate all the issues; even developers may not always know when and where cookies are used in large, intricate systems. This perception of risk can lead to fraud, typically where unscrupulous operators send worrying messages to website owners in an effort to extort payment(s). Therefore, do not respond to unsolicited emails offering ‘help’ with anti-cookie legislation and fines. On the other hand, if a genuine regulatory body really does contact you, it is best to work with them; the service offered will be free of charge.
On our website we customised a scrips created by the guys at Silktide and developed a simple WordPress plugin in English and Italian which we then installed on all clients websites.