A contentious new privacy law comes into effect today (May 25) in the European Union.
The ‘cookie law’ was designed to protect the online privacy of customers by explaining the requirement to collect data to customers and giving them the ability to ‘opt out’ from providing certain information on a website, if desired. As cookies are common and nearly ubiquitous on the Web, it may be very difficult to properly enforce.
In addition to protecting personal data, the new law also attempts to limit behavioral advertising. Specifically, it requires that users be informed of all data stored in cookies for which they have been delivered a specific ad. To be in accordance with the new law, the user would normally be required to give explicit consent for the transfer of cookies, unless the files are absolutely necessary to enable the service provider to provide its core information service which has been requested or implicitly needed by the subscriber or user.
The Information Commissioner’s Office (ICO) has produced a full guide for webmasters wishing to become compliant with the law.
As a website owner or administrator (webmaster), your first step should be to audit your website for cookies (you can also use Google Analytics). Learn about what cookies your site deposits on user computers and Web-connected devices. Before you can decide on the right solution, you need to get some insight into your cookie exposure under the new law.
Legally, in theory, cookies must not even be created until a user agrees to accept them. For more on this subject see this news article: http://www.bbc.co.uk/news/technology-18090118.