The UK Cookie Law For Dummies

Posted on 15 Oct 2012 by

All websites in the UK, and around European member states, were required to adhere to the EU Cookie Law from 26th May 2012. All websites must now obtain permission from website users to allow cookies to be stored on their computer. However, what is a cookie - and how can you gain a website user’s permission to serve them?

It is acknowledged that, as of September 2012, over 90% of websites are still not compliant with the law and various studies have suggested the reason for this is that companies, and website operators, simply don’t understand how the law affects them, whether their websites serve cookies, and how to full comply with the new law.

A cookie isn’t just a biscuit…

A cookie, as used by websites, is a basic text file which is downloaded to the user’s computer when visiting a cookie serving website and stored in special area of the operating system, along with cookies from other websites. Generally speaking, the cookie will contain the website address and a unique number and this information is recalled when you revisit, allowing companies, website operators and analytics software to identify you as a previous visitor.

Why do websites serve up cookies?

The most popular cookies are used for counting the number of visitors to a website, creating targeted advertising and keeping track of a shopping cart’s contents.

Cookies can also contain other bits of data, allowing a website to be ‘customised’ just for you, for example, a website might offer you the opportunity to change text size, or colours, and this information will be stored in the cookie so that your preferred changes are remembered each time you visit the site.

Do all websites rely on cookies?

Almost all but the most ‘static’ of websites use cookies, and so every website operator is potentially affected by the law. Research shows that the average UK websites uses fourteen cookies - per page! Approximately 2/3rd of the cookies, so almost ten, come from third parties such as advertisers, analytics programmes or live help platforms.

So, why do we need a cookie law?

The idea behind the law follows changes to the EU Privacy and Electronic Communications Directive, effectively all about privacy in the electronic environment. Because cookies can be used to build up a detailed picture of online behaviour, the law is designed to empower web users to make an informed decision about what personal information they share with a website, its operator or third parties. The law doesn’t stop the storage of cookies, their retrieval, or how any collected data might be used - it simply means that companies or website operators now have to ask website users to ‘opt in’ to receiving all non-essential cookies.

What’s the difference between essential and non-essential cookies?

The EU law identifies that certain functions of a website are essential to its operation. If for example you visited a shopping website and added an item to the shopping cart, then moved onto look at another item on the same website and when you returned to your shopping cart the website had ‘forgotten’ the item you had added to the cart - you would be forgiven for being frustrated and confused. The cookie responsible for ‘remembering’ what you had added to the shopping cart is deemed as “essential” because it is core to the website’s purpose and necessary for its basic operation.

A non-essential cookie covers anything from the collection of data for analytical purposes, to serving any advertising which can track ‘clicks’, to websites running any kind of affiliate scheme. For example, if you use Google Analytics or another similar application to measure your website’s performance - you are serving “non-essential” cookies, or rather you are allowing a third party to serve these cookies on your behalf. Whether you are serving cookies directly or indirectly, through third parties, makes no difference; you are still responsible for asking your website visitors to opt-in to receiving these types of cookies.

Does the law affect websites operating outside the EU?

All websites targeted at web users within the EU must comply with the law. For example, even though Facebook.com - the most popular website in the world - is based in the U.S. it must comply with the EU’s cookie law because it targets users from the EU.

How can I check whether my website uses cookies?

As discussed earlier in this article, the odds are on that your website is serving some kind of non-essential cookie. However, there are certain tests you can carry out on your website to find out exactly what cookies are being served to your website’s users. The following applications allow you to list the cookies used on your website:

• “View Cookies” in the Firefox web browser
• Attacat Chrome extension
• Trust-e Cookie Tracker
• Tagcert

And how do I ensure my website complies?

There are a number of methods you can implement in order to oblige to the EU cookie law, ranging from popups to alert your visitors, or a banner highlighting your stance on the matter. If you use a popular CMS such as WordPress or Joomla, there are convenient plugins available which make the process incredibly easy.

An effective technique is to dedicate a page on your website which legitimately outlines your website’s cookie policy, describing in depth the cookies that you serve. This allows you to offer the option for the user to ‘opt out’, as opposed to requiring them to opt in.