The new EU e-Privacy Directive (or EU Cookie Law as it is widely referred to) is now in force with many websites yet to be compliant.
More sites are now setting their approach live and we released ours with the launch of our new site. However, there is still a large number of sites waiting to see what happens and looking at what others around them are doing. Now is the time to make your decision and get a plan in place to launch this, as time is running out. Doing nothing at all is not an option and is more likely to cause you problems if the ICO receive any complaints regarding your website.
From our review of the documentation and a talk we attended on this with a representative of the ICO, the main takeout was that there appears to be a gap between what is actually compliant with the Directive and the likely level of enforcement or action that the ICO will take. Specifically, we believe that the likelihood of any fine seems to be confined to those openly abusing their users' Privacy. Basically, if your site is using Google Analytics (which does set a few Cookies), then you should be fine: there is nothing in the Directive that appears to lead to these Cookies being targeted, and it is very unlikely that any action will be taken against sites using them (although there is still some work you will need to do on your site – keep reading!). However, if you are doing anything that captures user preferences or personal details via Cookies, for use within advertising networks for example, then these are the main types of Cookies the ICO will be targeting, so a different approach will be required (also covered below).
What are we doing:
1. We did a Cookie and Privacy Audit
Before deciding what option to take, it is very important to know exactly what Cookies are being set on your site and what they actually do. You may well find there are scripts or tracking in place that you don't actually use or need anymore. These can be removed to help tidy up your site, and this should also help page load times (very important).
It is also important to note that this is not just about Cookies but about Privacy. Therefore it is important to update your Privacy copy to cover things like email tracking, social buttons etc.
If you have not yet undertaken a Cookie and Privacy Audit please get in touch with us now as time is running out.
By using plain English and being comprehensive and transparent, we are trying to educate anyone who visits our site. Hopefully, the more open and honest sites that adopt this, the more easily we can all get the message across and, as a group of site owners, educate the masses on Cookies and Privacy.
Now this is the key point: from our understanding of the Directive, our solution is not strictly compliant because there is still no informed, or active, consent. And, as yet, we have not provided any options to selectively opt in/out of particular Cookies: this is still up to the user. However, it is also our understanding that this solution is highly unlikely to be ‘actionable’ by the ICO and even less likely to incur a fine, as we are clearly not trying to abuse our users’ Privacy.
2. Why are we doing this?
We feel it is important to be open and transparent on our site; this breeds trust, which is very important on any website. We are also joining the cause to help educate all internet users as to what Cookies are and what they do. We have also made the decision to take this option because we, as industry experts, know how important Google Analytics in particular is for monitoring and analysing site performance and for working out how to make our site and the whole user experience better. Implementing an opt-in solution would have seriously jeopardised this, as we would very likely have lost a high portion of our analytics data. For example, the ICO (www.ico.gov.uk) currently have an opt-in solution using the banner along the top of the site; this has resulted in a 90% loss of their Google Analytics data. The difference is that, as this is the authority governing this Directive in the UK, they must be 100% compliant. We, however, don’t believe we can afford to lose that valuable data, and as Google Analytics does not capture personal details or invade someone’s Privacy, it is unlikely any action will be taken against us. If we are wrong, we will then work with the ICO to define a new strategy and get further advice from them.
“Provided clear information is given about their activities we are unlikely to prioritise first-party Cookies used only for analytical purposes in any consideration of regulatory action.”
What should you do?
We would like to give you all the options available so you can make an informed decision on what is right for your website and business. We are happy to discuss this with you and offer advice where applicable, but the final decision on the level of your approach is yours.
The user can selectively opt in/out of groups of Cookies. Cookies are set initially, so the user has to actively opt out to remove them.
Examples: BT (overlay bottom right that disappears, 'slider' for Cookie opt out/in); Magiq (selective opt out/re-opt in); Reuters (this links to the frame/overlay provided by Evidon on the Reuters site).
Active opt-in: only Cookies that are required for the site to work are set automatically. All other Cookies are not set until the user explicitly opts in by ticking the checkbox and then clicking the continue button.