Ever since the Information Commissioner, Christopher Graham, suggested UK websites need to “wake up to changes” in his announcement on the Privacy and Electronic Communications (EC Directive) Regulations 2003 on the 8th May 2011, the subject of cookie law has been met with a great deal of head-scratching.
If you, like many, are utterly confused about what this new directive actually means, do not fear. Here’s a clear, substantiated explanation to help us all understand its impact and how best to respond.
First, let’s clarify what’s happened.
EU law has changed. It now states that visitors to your websites should now be able to give or refuse permission for you to install cookies on their machines in almost all cases.
Unfortunately, we haven’t been told exactly how we should go about granting that permission.
The Information Commissioner and his departments have attempted to recommend a technical solution but unfortunately, even when you finally manage to decipher their unnecessarily complex guidance notes, their suggestions bear little resemblance to what the EU actually wants.
This misinterpretation has led to a surge of articles appearing all over the Internet saying you must have a pop-up permission request every time you want to pop-on a cookie, with immediate effect.
This is not the case.
What the EU has said is that they want browser manufacturers to extend their cookie control settings to allow users to define, in more granular detail, what cookies can be downloaded and by whom.
The idea driving this is that if a visitor to your site uses a browser that is set to allow certain cookies, they are, by law, giving you permission to set and use those cookies. The EU sees that as permission granted loud and clear.
However, that will only cover users who use the updated browsers – and you won’t see them for a few months.
Fortunately Ed Vazey, Minister for Culture, Communications and Creative Industries, and Mr. Graham’s boss, has eased the panic slightly. He says – and the Information Commissioners Office agrees – that authorities will tread softly while the new browsers are developed and new legislation is phased in.
It’s a sigh of relief for all concerned.
You now have the time to plan properly.
With that in mind, start by being very clear which cookies you need to ask visitors about.
According to our lawyers, if the cookie is strictly necessary for the provision of the service that the user has requested, you don’t need their permission.
That means if you only uses cookies that allow a customer to login (or register), add to basket, checkout and receive confirmation you are OK. But, if you track their colour preferences or sizes and use that information to optimise their experience, you need to be sure your site will function without those cookies since they are not, strictly speaking, essential to the service the customer has requested.
Stick with that, and you’re on the right track.
We’re going through the process ourselves here at Venda and have started by auditing our use of cookies to ensure any downloaded by our core platform are strictly necessary. We’ve also gone through that process with our partners too to help them make sure that the sophisticated aspects of marketing and merchandising they provide will continue to be very beneficial for your customers.
We’ll keep you posted on any updates or news on the new cookie directive. If you’d like to know more in the meantime, feel free to call us.
Authored by Ivor Morgan, Head of EMEA Marketing
