A contentious new privacy law comes into effect today (May 25) in the European Union.
EU officials have drawn up this new legal requirement which stipulates that personal data collected through the use of cookies must be of pertinent use; that is, the data itself must be integral and necessary to the core function of the website or application. An example of this situation is an ecommerce site which must, for practical reasons, remember a site visitor’s virtual shopping basket contents between pages. Other types of information sought from Web site visitors, such as statistical data, requires a visitor’s explicit permission.
The ‘cookie law’ was designed to protect the online privacy of customers by explaining the requirement to collect data to customers and giving them the ability to ‘opt out’ from providing certain information on a website, if desired. As cookies are common and nearly ubiquitous on the Web, it may be very difficult to properly enforce.
In addition to protecting personal data, the new law also attempts to limit behavioral advertising. Specifically, it requires that users be informed of all data stored in cookies for which they have been delivered a specific ad. To be in accordance with the new law, the user would normally be required to give explicit consent for the transfer of cookies, unless the files are absolutely necessary to enable the service provider to provide its core information service which has been requested or implicitly needed by the subscriber or user.
The Information Commissioner’s Office (ICO) has produced a full guide for webmasters wishing to become compliant with the law.
As a website owner or administrator (webmaster), your first step should be to audit your website for cookies (you can also use Google Analytics). Learn about what cookies your site deposits on user computers and Web-connected devices. Before you can decide on the right solution, you need to get some insight into your cookie exposure under the new law.
The Optanon Audit plug-in for Google Chrome provides a snapshot of precisely how a site’s domain uses cookies, enabling you to make an informed choice about the right compliance solution.
Another common approach is to explain to your users just how your company and/or website regards user privacy and respects related policies and laws of the local jurisdiction. This is typically done by placing a Privacy Policy article on your website. Traditionally, you would find the link to it on the website’s footer menu, although you could always place it elsewhere for better visibility. In this text you could also indicate precisely what cookies you use and for what purpose(s).
Legally, in theory, cookies must not even be created until a user agrees to accept them. For more on this subject see this news article: http://www.bbc.co.uk/news/technology-18090118.
P.S. Cookie Consent (http://silktide.com/cookieconsent/code) is a JavaScript plugin to help websites comply with the cookie law. This is easily installed on a website with just a few lines of code. Users will be shown a message which drops down from the top of the screen asking them if they want to allow cookies. Another one, Cookie Control is a universal solution for cookie law compliance. With an elegant user-interface that doesn’t hurt the look and feel of your site.