Website operators should now begin a series of measures so they comply with new legislation on cookies.
It is strongly advisable that website owners take the following course of action now in order to avoid potentially receiving a fine from the Information Commissioner’s Office (ICO).
The audit performs two key functions. First, it helps you to understand what your web estate looks like (forgotten micro-sites, promotional sites and any previous versions also need considering). Second, it will highlight areas where cookies are being utilised and any third-party relationships you may have. Understand the role of each cookie to enable them to be put into groups, such as session cookies, shopping basket or third-party cookies.
Build information resource
Utilising the output from the audit process, create a website-based resource towards which you can point users. This resource should include the types of cookies and their uses. Again, it might be worth starting your list with first-party cookies and then progressing to those that more closely involve privacy-related data. It is advisable to avoid technical jargon and to word the descriptions in a manner that would be understood by all users.
Determine how consent is to be obtained
As a business, you will need to take a view on how to gain consent and whether or not you get user consent for all cookies at once, or by different categories. For example, you may gain consent for site function-related cookies (eg recommended products and personalised home pages) separately from site analytics and third-party marketing solutions. Or, you may decide to gain consent based on all cookies.
Note that while browsers would seem to be the natural mechanism for gaining consent, the view of the Government, European Commission and ICO is that they are not generally sophisticated enough to provide the type of consent required to reach compliance with the regulation.
These changes are very much upon us now and, while many online businesses may consider them a potential hindrance to their website’s operation, it is important that we as an industry accept that they are here and work together to develop best practices to make obtaining consent as unobtrusive and positive an experience as possible.
- Andrew McClelland Chief operations and policy officer, IMRG.
- Read a feature by Drapers’ Keely Stocker explaining the cookie law changes