You’ll probably find it does. Cookies are small text files placed on a visitor’s computer to “remember” their visit. They’re used for all sorts of things from remembering goods in a basket to speeding up the process of leaving blog comments to enabling social media sharing. They’re also used by analytics software such as Google Analytics to give the webmaster important information about visitor numbers, pages viewed and so on. There are some less innocent cookies though – for example, those advertising cookies that monitor your web browsing and then pop up adverts for products you’ve looked at on unrelated websites.
In the past internet users had to opt out of receiving cookies by changing their browser settings. However, from 26th May it is the responsibility of the website owner to gain permission for cookies to be used. The law actually came into effect last year but companies were given 12 months’ grace to make any necessary changes to comply. Anyone failing to make their website compliant with the law could face huge fines.
However, the good news is that not all cookies require an opt-in. If a cookie is essential to maintain a website’s functionality you don’t need to obtain consent to use it. The ICO has defined four classes of cookies:
Category 1: Strictly necessary cookies (these add features the user has requested – for example, a shopping basket on an ecommerce site, or login to a membership site)
Category 2: Performance cookies (things like Google Analytics cookies, where the information acquired can be used to improve the website)
Category 3: Functionality cookies (for example, cookies that remember your details when you leave a comment on a blog, so you don’t have to keep doing it)
Category 4: Advertising Cookies (cookies that track your browsing, learn your habits and show you relevant adverts, for example)
The ICO only considers Category 1 cookies to be exempt from the law. Personally I would also consider categories 2 and 3 to be essential to the functionality of a website too, but that’s not the interpretation I’m hearing. However, if you use category 4 cookies – such as those advertising cookies make you feel like you’re being spied on – then you really do need to be requesting permission to use them or you could find yourself in hot water.
So what should you do?
If you do use third party cookies or other cookies that are not necessary to your site’s usage then you do need to request permission from visitors. There are a couple of ways you can do this:
- You could add an opt-in box at the top of your website that requires users to tick the box to allow cookies to be used.