EU Cookie Directive
The EU Cookie directive comes into force for UK-based websites on 25th May 2012. This directive came into force for some other countries in the EU a year ago, but the UK government gave website owners here an additional year to make their sites compliant, whilst at the same time hoping that the directive itself was clarified.
What does the EU Cookie Directive say?
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information
(b) has given his or her consent
What does the EU Cookie Directive mean in practical terms?
The choice of how you deal with this directive is yours as website owners, but here are our thoughts :
- If you are using usage tracking systems, such as Google Analytics, your stats are in future likely to grossly under-report your real traffic. The reason for this is that website visitors that arrive at your site and don’t accept your cookies will not be tracked (that’s the whole point of the directive). Anecdotal evidence from other website owners suggests that your reported Google Analytics traffic might fall by as much as 80%-90%;
- The directive will put those that comply with it at a disadvantage to those who don’t… although they may avoid a fine!
- Most website owners will not implement the directive, either through ignorance, or defiance, or simply because they don’t know how to implement the changes (or think they will cost too much);
- A few website owners will have action taken against them;
Is your website affected by the new EU Cookie Directive?
However, the use of 3rd-party cookies such as those that track visitor usage of the site, are caught by the directive. This means, for example, that if your site uses Google Analytics, Adwords or Adsense code, the directive applies to you.
If you want to comply with the directive, what should you do?
Based on our current understanding, to properly comply with the directive, you need to either :
In any case, it might be prudent to involve your website developer or to get an independent audit of the cookies in use on your website. Implementing the changes on your website to comply with these directives might just take an hour or two to assess and complete.
We can do this for you
We are not happy that this directive is coming into force. It creates additional work for us which, unfortunately, has to be paid for by our clients. If our clients want us to audit their site for cookie usage, and subsequently to change the website to comply, then we will need to charge for this work.
Our expectation is for a typical cookie audit to cost no more than £20+vat, and making appropriate compliance changes to your website will cost in the region of £40+vat – £80+vat. For larger, or more complex sites, this may be higher, but we will always discuss the costs and implications with you first.
Bear in mind that it’s not necessarily just a case of installing a plugin or other supplied code into your website. To do the job properly we think you need to :
- Ensure you have a prominent notification on every page of your website to let your visitors know that you store cookies on their computer;
- Allow visitors to confirm that they are happy to accept your cookies… and make sure you only store the cookies if they have accepted them – this might mean adding a little extra code to ‘wrap around’ your cookie creation process;
- If your site allows login or commenting ability (and this process generates cookies), add a short bit of text at the login stage or above the comments area just to gently advise your visitors that this will generate a cookie;
EU Privacy Directive – Update to post : 26/05/2012
According to a Cookie Law report on the BBC website this morning, the ICO (the Information Commissioner’s Office) are now saying they will offer help to non-compliant sites, rather than take legal action against them. The ICO has also updated their policy so that organisations can use “implied consent” to comply – meaning users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.
How are you handling your own EU cookie directive changes?