Making sense of the EU cookie legislation

Finlay Carmichael, C2 Software

Tue, 16-08-2011 04:19

The new EU law on cookies on websites came into force on 26 May 2011. To date, there has been little clear guidance on what’s expected of web site owners, or on any penalties for failing to comply. The current situation is frustrating so we’ve attempted to make sense of what companies should be doing to ensure their web sites are consistent with the law.

The principal behind the new law is this:

Consumers have a right to know, and decide, what is downloaded to their computers.

So when they first arrive at a web site, there should be an explanation of all the cookies used by the site and the ability to choose which can be used.

That’s where the tricky stuff starts. Many web site managers don’t even know what’s there themselves. There will be cookies used to smooth the browsing experience, cookies that collect information on users habits and increasingly, third party cookies that are used by the likes of Google Analytics and social bookmarking tool Add This.

The first step is be a thorough audit of your site so that you do know what’s there. Then decide what you actually need, and what your readers or customers are likely to accept.

Do you need analytics and social bookmarking sites? What about the Flash cookies? These can be placed on the client computer if your web site uses the Adobe Flash plug in for the display of video, or just to deliver enhanced browser functionality. The issue with Flash cookies is that they are not deleted when a user clears cookies in their browser. Even worse they can be used to re-propagate standard cookies so it’s easy to see why people are wary of them. Do you really need them?

Next you need to work on marketing the ones you decide to keep. How will you explain each cookie to users in a way that encourages them to say yes? In our experience users are generally quite savvy about the benefits of cookies and quickly get frustrated when they find their browsing experience hindered by the lack of them, so with careful wording you can make sure most are accepted.

If you list each cookie, with a link to some information about it such as why it’s there and what the benefits are to users, you’ll have a greater chance of having them accepted.

Here’s a good example on the Information Commissioners website, which succinctly explains what it’s asking, why it matters and what users’ choices are:

The ICO would like to use cookies to store information on your computer, to improve our website. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, see our privacy notice.

That’s followed by a simple check box for users to accept (or not). If they tick it, fine, the site can activate all the non-essential but ultimately useful features that need cookies: Google Analytics, Twitter Follow, Add This, Font Picker etc. If they don’t, then we have to hope the user will understand why some features are not available or are a little clunkier than they have been in the past.

There’s no denying that this is a big change, and there are serious concerns among some web designers about the impact it’s going to have. The most important thing at this stage is to make it easy for users to understand – they’re going to get savvy to it quickly anyway, and as more and more sites begin to ask these questions each user will settle on their own level of comfort.

Personally I’m hoping this will eventually all be managed within browser settings each user can set their preferences for once and for all. But that’s not an easy task for a browser to handle across the vast range of sites out there, and at the moment the tools just don’t work.

To date, the UK government has not been clear about exactly what needs to be done or about any penalties for companies who fail to act. At the moment there is a period of one years’ grace for companies to get their sites in order. What will happen at the end of that is open to speculation.

But my advice is to do the work now, before you’re forced into it, and to do it well. A thorough audit of your site and some clear and direct explanations to users will help ensure people keep returning to, and enjoy using your site.

Finlay Carmichaelco-founded C2 Software in the late nineties, pioneering web content management systems (CMS) and earning a reputation as one of the UKs leading experts in CMS and CRM. Today C2 software underpins the websites and intranets of organisations like NCR, Maclay Murray Spens LLP and the Royal Mint.