The EU Cookie Law – what to do now | Boagworld - Web & Digital Advice

Web & Digital Advice

Digital and web advice from Headscape and the addled brain of Paul Boag... tell me more

Chris Scott Posted by: Chris Scott On Friday, 18th May, 2012

The EU Cookie Law – what to do now

As the enforcement date of 26 May 2012 approaches, we provide an update on the situation.

Content Strategy:
The estimated time to read this article is 4 minutes

As the enforcement date of 26 May 2012 approaches, we provide an update on the situation.

Much has been written, and is being written, about the new so-called Cookie Law that the UK Information Commissioner’s Office (ICO) is mandated to enforce with effect from 26 May 2012. In his January article, Paul Boag concluded that “this really isn’t turning into the doomsday scenario some have suggested”.

Paul was right. However, now is the time to take some simple steps to make sure that your site is in good shape.

If you have taken a look at the ICO’s website and run screaming from the extreme solution it has implemented don’t worry. Fortunately, the ICO’s will not be enforcing such an extreme position on others.

So, what should you do? While a definitive position simply doesn’t exist right now, the following seem like reasonable steps.

  1. Identify all the cookies associated with your site, where they are being served from and what they do.
  2. Make sure you have a reasonably prominent link to your privacy policy and rename it Privacy and cookies policy to be on the safe side.
  3. List the cookies on your Privacy and cookies policy page. For first party cookies (i.e. those served by your website) list their name and purpose. For third party cookies (such as Google Analytics cookies) list the source, name and purpose.
  4. If you use social buttons to enable sharing of pages you should note in your Privacy and cookies policy that you do so and that scripts from third party sites have been used and that those third parties might be gathering usage information.
  5. Similarly, if you use third party services such as YouTube or Vimeo you should note this too and state that they may gather usage information.

So how prominent is prominent? John Lewis, for example, previously had a footer link “Security & privacy”. It has lifted this to the header and renamed it “Privacy & cookies”. Do you need to do this? My view is that, like the Number 10 website, Marks and Spencer and many others, a link in the footer will be sufficient.

 

John Lewis website

John Lewis website

 

Should you list your cookies? John Lewis and Number 10, for example, contain lists but so far Marks and Spencer, for example, has not listed its cookies. My recommendation would be to include a list of cookies together with some instructions about disabling cookies in major browsers.

 

A list of number 10s cookies

A list of number 10’s cookies

 

So how do you audit the cookies on your site? Unfortunately, this isn’t completely straightforward. The easiest way of doing this that I know of is to use Firefox with the Firebug and Firecookie extensions installed. Firecookie lists cookies on a page-by-page basis, so you’ll need to visit all sections of the site to ensure that you find all cookies.

You may also need to do some detective work when you are auditing your cookies. First party cookies, i.e. those that are served by your site, are clear. For example, first party cookies served by the Boagworld site will be listed with a domain of www.boagworld.com. Where things get more confusing is with some third party cookies, for example Google Analytics cookies (which are prefixed with __utm). On www.boagworld.com these show up with a domain of .www.boagworld.com (notice the leading . ) even though they have originally come from Google.

You should also include a statement of what the implications of disabling cookies will be. John Lewis is clear: “If cookies aren’t enabled on your computer, it will mean that your shopping experience on our website will be limited to browsing and researching; you won’t be able to add products to your basket and buy them.”

The best guidance that I am aware of is a recently published Econsultancy report. Unfortunately this is not cheap at £250. Econsultancy has however published a detailed, free article on the approach it has taken.

Become a web expert with our newsletter

Receive invaluable advice every three weeks and get two free video presentations for subscribing. You can unsubscribe in one click.

Blog Updates

You can follow all my posts by subscribing to my RSS feed or signing up to my email newsletter above.

Podcast Updates

Subscribe to the podcast via itunes or RSS. You can also subscribe to my quick tips via itunes and RSS too.

Social Updates

I am completely addicted to Twitter so try following me there. I also have a Facebook page which contains considerably less waffle.

Comments

Boagworld is a community, not just the voice of one blogger. You've read the post, now its time to get involved.