Does your company website use cookies?

You’ll probably find it does. Cookies are small text files placed on a visitor’s computer to “remember” their visit. They’re used for all sorts of things from remembering goods in a basket to speeding up the process of leaving blog comments to enabling social media sharing. They’re also used by analytics software such as Google Analytics to give the webmaster important information about visitor numbers, pages viewed and so on. There are some less innocent cookies though – for example, those advertising cookies that monitor your web browsing and then pop up adverts for products you’ve looked at on unrelated websites.

In the past internet users had to opt out of receiving cookies by changing their browser settings. However, from 26th May it is the responsibility of the website owner to gain permission for cookies to be used. The law actually came into effect last year but companies were given 12 months’ grace to make any necessary changes to comply. Anyone failing to make their website compliant with the law could face huge fines.

However, the good news is that not all cookies require an opt-in. If a cookie is essential to maintain a website’s functionality you don’t need to obtain consent to use it.  The ICO  has defined four classes of cookies:

Category 1: Strictly necessary cookies (these add features the user has requested – for example, a shopping basket on an ecommerce site, or login to a membership site)

Category 2: Performance cookies (things like Google Analytics cookies, where the information acquired can be used to improve the website)

Category 3: Functionality cookies (for example, cookies that remember your details when you leave a comment on a blog, so you don’t have to keep doing it)

Category 4: Advertising Cookies (cookies that track your browsing, learn your habits and show you relevant adverts, for example)

The ICO only considers Category 1 cookies to be exempt from the law. Personally I would also consider categories 2 and 3 to be essential to the functionality of a website too, but that’s not the interpretation I’m hearing. However, if you use category 4 cookies – such as those advertising cookies make you feel like you’re being spied on – then you really do need to be requesting permission to use them or you could find yourself in hot water.

So what should you do?

If you don’t use third party cookies, or you are sure that the cookies on your website fall under Category 1 and are essential to the functionality of your website, theoretically you don’t need to do anything. However, no one yet knows how this law will be monitored or interpreted, so to be on the safe side, add a Cookie Policy to every page of your website that’s clearly visible – linked via the sidebar or footer, for example, or in the main menu. (Alternatively you could add a section to your current Privacy Policy and make sure it’s easy to spot.) In the Policy list the cookies you use, and what they do, so visitors are aware of them. Make sure your policy includes something like “By using this website you give permission for our cookies to be stored on your device”. You should definitely add a Cookie Policy if your cookies fall under Categories 2 and 3 too.

If you do use third party cookies or other cookies that are not necessary to your site’s usage then you do need to request permission from visitors. There are a couple of ways you can do this:

  • You could add a pop up that warns the user that your site uses cookies, and that their continued use of the site indicates their permission has been granted;
  • You could add an opt-in box at the top of your website that requires users to tick the box to allow cookies to be used.

As I said before, no one really knows how this new law will impact on businesses, how it will be monitored or if there will be prosecutions for websites that aren’t cookie compliant. But I really don’t want you to run the risk of falling foul of the law, so here’s your homework for the weekend. Do a cookie audit to see what cookies your website is using (click here for a really useful cookie audit tool with simple instructions). Work out whether your cookies need permission or are essential to the functionality of your website. And then take action – add a Cookie Policy to your site, listing the cookies you use, and find a way to gain permission if you need it. Have fun!

And if you need any help with your cookies, or with putting together a Cookie Policy give me a call on 01367 888229 and I’ll do my best to help. You can also see my own Cookie Policy here.

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>