The ongoing debate about Internet privacy and protection, promoted EU policy makers to introduce a law last year (May 26th 2011) governing the use of Internet cookies. The EU Cookie Directive is amended legislation, which requires that websites obtain consent from users before using or placing cookies on that user’s computer or device. While the law aims to protect users by allowing them to make an informed decision about the data that is gathered by cookies from websites they visit, it has wide reaching implications for webmasters and internet marketers.
In the UK, the governing body responsible for the enforcement of this law, the Information Commissioners Office (ICO), granted UK websites a yearlong grace period before the law would fully come into effect.
What are cookies?
Cookies are small files of data that are placed on a users’ hard drive. They are used by most websites and they allow website owners to gather data to help improve the experience for the user. Webmasters typically use first party cookies (meaning that their domain placed the cookie not any other domain) to:
- analyse visitors’ behavior on their site including measuring length of time on site and tracking how the users navigate the site
- remember user preferences like font size or language choice
- remember if a visitor has been to a website before
- remember items placed in a shopping cart
- deliver targeted, relevant adverts to the user
A Good Thing Or A Bad Thing?
Once we fully understand what a cookie is and how webmasters tend to use we can see that not all cookies are harmful to the user’s privacy. However some cookies have the ability to store personal data. These are regarded as intrusive and potentially dangerous to users’ privacy when shared with third party website via third party cookies (cookies set by a domain other than the one that is being visited by the user). The ICO is trying to protect users from the unwanted effects of these types of cookies which identify otherwise anonymous visitors. The law wants websites to be more transparent about the types of cookies that they place and for users to have the choice on whether they want that or not.
Online marketers and website owners who use first party cookies have rightfully described the law as ludicrous. According to ICO, 41% of users are unaware of different cookie types and only 13% of users fully understand how cookies work. How can we possibly expect people to comply if they don’t understand what is being asked of them? The placement of cookies is essential for gathering data. If that information is taken away from webmasters when users decline to give their consent, then the ability of the website owner to effectively improve usability or increase revenue is greatly reduced.
Debate over analytics cookies
The law states that only cookies deemed “strictly necessary” can be excluded from asking users for consent. Many website owners argue that cookies for analytics are strictly necessary. The ICO has made it clear that analytic cookies are NOT exempt from the law. Ironically, the UK’s Government Digital Service was one of the first organizations to take a stance against the ICO stating that web analytics “are essential to the effective operation of government websites” and that setting cookies was the most effective way to achieve this.
How enforceable is the law?
A fine of up to £500,000 will be dished out to websites whose use of cookies causes significant distress to users. The ICO said that it was “highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm of individuals”
When this law comes fully into play on 26th May, it would appear that the ICO will not be immediately hunting down websites who are not yet fully compliant. Tomorrow we will publish some actionable tips for website owners on how to bring their website in line with the law.
Gillian Cook is a search executive at SEOptimise, a search agency based in London and Oxford.