Take action now to avoid falling foul of ‘Cookie law'
Last month, legislation was introduced to ensure that visitors to internet sites are aware of how they're being tracked. Mike Kneller explains
The problem
Have you ever browsed the internet looking for something, like a new TV or a refrigerator, and then later logged into another site to discover that banner adverts display items very similar to what you were looking for? That "coincidence" was caused by cookies tracking your web behaviour.
In 2003, the EU issued The Privacy and Electronic Communication Regulations directive with the hope of improving and protecting privacy for citizens. One section of this directive pertained to the use of cookies. As a result, European legislation related to cookies was introduced on 25 May and will impact millions of businesses.
The law
The legislation, commonly known as the "Cookie law", requires all websites that use cookies to seek consent from visitors accessing the site. If your hotel, catering company, restaurant or business has a website - you must seek permission from the visitors to your site to use cookies.
Expert advice
The only cookies that are exempt are those "strictly necessary for a service" such as those used to remember what items in an online shopping basket need to be paid for and those used for secure online payments. The contentious cookies are those that are used to study the customer's profile and behaviour, are applied to personalise a website or serve relevant third-party adverts.
What's important to bear in mind is that it is not the intent of the legislation to prevent the use of cookies for these purposes. It is designed to ensure that all visitors to a website are fully informed as to the use and purpose of this type of technology.
The fact is that even if your site uses Google Analytics to track visitors, then you are impacted by this law. Even some online advertisers and website designers are failing to advise their clients on the implications of this law.
check list
What can you do?
â- Next, check with your web developer or the provider of the website to determine what cookies are being used.
â- Seek advice from your website provider on the most effective solution they recommend to obtain consent from visitors.
â- Pop-ups, splash pages and asking users to accept new terms and conditions are just some of the ways in which you can seek consent.
Some people have argued that getting people to change their browser settings will be enough to comply. That's not the case. Currently, the privacy settings on most browser settings are not sophisticated enough, as users either have a choice of enabling all cookies or none at all. The onus, therefore, lies clearly with the website to seek consent from the user.
Beware
The ICO can approach any business running a website and ask them to demonstrate how they comply. They can also fine website owners up to £500,000 for serious breaches in the law - so the stakes are extremely high.
Can businesses afford to take a "wait and see" approach? The directive in fact came into force last year and was deferred by the UK government for a year to allow more time for businesses to prepare. It is unlikely that the law will be delayed again.
Yes, the odds of being prosecuted first out of millions of businesses are very slim and no one is really sure how the ICO can effectively police this - but can you really afford to take the risk and face up to a £500,000 fine?
To achieve true transparency, all publicly available systems should be designed with the user's privacy in mind. Rather than burying your head in the sand, it is time to start preparing. No one wants to be held as a test case.
Contact
Mike Kneller is solutions director at bss digital. You can download a copy of his "Cookie law" white paper free of charge atwww.bssdigital.org
