Your browser is no longer supported. For the best experience of this website, please upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

Avoid a cookie bellyache

Website operators should now begin a series of measures so they comply with new legislation on cookies.

The May deadline for reaching compliance with the new rules governing the use of cookies on a website (the e-Privacy Directive) is fast approaching. The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent.

It is strongly advisable that website owners take the following course of action now in order to avoid potentially receiving a fine from the Information Commissioner’s Office (ICO).

Audit

The audit performs two key functions. First, it helps you to understand what your web estate looks like (forgotten micro-sites, promotional sites and any previous versions also need considering). Second, it will highlight areas where cookies are being utilised and any third-party relationships you may have. Understand the role of each cookie to enable them to be put into groups, such as session cookies, shopping basket or third-party cookies.

Build information resource

Utilising the output from the audit process, create a website-based resource towards which you can point users. This resource should include the types of cookies and their uses. Again, it might be worth starting your list with first-party cookies and then progressing to those that more closely involve privacy-related data. It is advisable to avoid technical jargon and to word the descriptions in a manner that would be understood by all users.

Determine how consent is to be obtained

As a business, you will need to take a view on how to gain consent and whether or not you get user consent for all cookies at once, or by different categories. For example, you may gain consent for site function-related cookies (eg recommended products and personalised home pages) separately from site analytics and third-party marketing solutions. Or, you may decide to gain consent based on all cookies.

Note that while browsers would seem to be the natural mechanism for gaining consent, the view of the Government, European Commission and ICO is that they are not generally sophisticated enough to provide the type of consent required to reach compliance with the regulation.

These changes are very much upon us now and, while many online businesses may consider them a potential hindrance to their website’s operation, it is important that we as an industry accept that they are here and work together to develop best practices to make obtaining consent as unobtrusive and positive an experience as possible.

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Links may be included in your comments but HTML is not permitted.