August 2, 2018

Cookies Law: Are You Compliant?

The below questions and answers summarise this article for those who do not have the time to read in detail (although we strongly advise you do).

 

Q: Does my website use cookies?

A: There is a high chance it does.

Q: Does it need to?

A: Highly likely in order for it to function in the way it does or for your visitor’s experience to be customised. Even software we take for granted such as Google Analytics requires websites to use cookies to work correctly.

Q: Are there laws around Cookies?

A: YES

Q: What are they?

A: You need to notify your website visitors about your website’s current cookies, the data they store and give them the option to participate or not.

Q: Are there risks to my business if I do not?

A: YES

Q: How can I find out more and avoid these risks?

A: READ ON…and email [email protected] 🙂

 

What is a Cookie?

A cookie (also known as an HTTP cookie, web cookie, internet cookie or browser cookie) is a small piece of data that is stored on your computer, within a small text file (via your internet browser), when you visit a website that uses cookies. The cookie data helps either to tailor a user’s experience when revisiting a website or to provide a more efficient and effective user experience.

There are two main types of cookies, one temporary and one more permanent:

Session cookies – The session cookie is a temporary cookie. It stores information, via the web browser, in a temporary file location on the website visitor’s device. The common purpose of these cookies is to store information that is necessary for that visitor’s session only, such as shopping cart information or a visitor logging in. They are not necessary once the session has finished and therefore they are not retained after the browser is closed.

Persistent cookies – Persistent cookies store user information after the session has ended and the browser is closed, although they do have an expiration date. They are commonly used to help customise the visitor’s further website visits based on behavioural tendencies of previous visits.
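
Added example, not part of the original article: a short Python script that sorts Set-Cookie response headers into the session and persistent types described above and reports how long each persistent cookie lives. The header values, cookie names and the fixed "now" timestamp are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def classify_cookie(set_cookie, now):
    """Classify one Set-Cookie header value.

    Returns (name, kind, lifetime_seconds); kind is "session", "persistent"
    or "expired", and lifetime_seconds is None for a session cookie.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        try:
            if key == "max-age":
                max_age = int(value)
            elif key == "expires":
                expires = parsedate_to_datetime(value)
                if expires.tzinfo is None:
                    expires = expires.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            continue  # an unparseable attribute is ignored, as browsers do
    # Max-Age takes precedence over Expires when both are present (RFC 6265).
    if max_age is not None:
        lifetime = max_age
    elif expires is not None:
        lifetime = int((expires - now).total_seconds())
    else:
        return (name, "session", None)  # no expiry: dropped when the browser closes
    return (name, "persistent" if lifetime > 0 else "expired", lifetime)


def audit(headers, now):
    """Classify every header in a list, in order."""
    return [classify_cookie(h, now) for h in headers]


# Constructed sample data: hypothetical cookie names and values.
NOW = datetime(2018, 8, 2, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "cart_id=abc123; Path=/; HttpOnly",
    "visitor_prefs=theme-dark; Max-Age=31536000; Path=/",
    "campaign=summer; Expires=Sat, 01 Sep 2018 12:00:00 GMT; Path=/",
    "old_banner=; Max-Age=0; Path=/",
]

if __name__ == "__main__":
    for name, kind, lifetime in audit(SAMPLE_HEADERS, NOW):
        print(f"{name:15} {kind:10} {lifetime}")
```
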

 

Why does my website need to use Cookies?

There are a few main reasons why a website requires cookies and we have listed some common purposes below:

Customisation – The storage of cookie information means that users revisiting your website can have their experience customised based upon behavioural tendencies of their previous visits. Google AdWords and Google Analytics use these to assist with remarketing campaigns, in which the cookie has stored information based on what pages the user had previously visited.

Essential Site Functionality – Cookies help with common website functionalities that are today recognised as ‘standard’ functionality and are the types of functionality that make your visitor’s website experience more enjoyable. Keeping customers logged into your website for a certain session duration and storing shopping cart item information are both only possible thanks to cookies.

Data Storage Sharing – Cookies store a small amount of information based on the individual visitor, however all added together this potentially could be a lot more, depending on your average website sessions. If you were responsible for storing this information within server storage space you may find you need more storage, however this is not required because the cookie stores the information in the visitor’s device (computer/laptop/mobile phone for example) and only retrieves the information upon the next visit.

Security – Elaborating on the above point, if this data was not stored within a cookie file on the visitor’s device, then it would need to be stored on the server with your website and then you may become responsible for the safe storage and protection of that data.

 

What is the Cookie Law?

The Cookie law started, back in May 2011, as an EU directive giving individuals the right to refuse the use of cookies. Many web surfers noticed around this time that websites they visited featured a notification that highlighted the website’s use of cookies and asked for permission/consent from the visitor to use cookies. Personally, I feel the law wasn’t taken very seriously at the time as many websites didn’t request cookie permission or dropped their cookie notification after a period of time.

The General Data Protection Regulation (GDPR) came into force across the EU from 25th May 2018, and with it major press coverage! The cookie law now falls within the GDPR remit and therefore the importance of complying with it just took a major leap.

 

Consent – Much of the law revolves around consent, requiring a website to obtain consent to use cookies from the website visitor. The specific wording, taken from the GDPR legislation, states the following:

Taken from Recital 32.

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

The two other basic steps for compliance are identification and notification.

Identification – You must identify what cookies your website is using. As your website grows over time with new functionality or 3rd party software such as analytical tracking and reporting tools you will need to update your cookie policy.

Notification – You will need to clearly notify your website visitors of the cookies that are in use and their purpose. This will need to be within a cookie policy that is accessible from the initial cookie notification message you present to your website visitor.

 

How do I comply with the Cookie law?

Compliance requires consent, identification and notification as listed above. The most efficient way to get consent is with a cookie notification message such as the one we have installed on our website (see screenshot below).

 

[Screenshot: Cookie Law Compliance]

 

As you can see the cookie notification message is fairly unobtrusive so doesn’t really affect overall user experience. Also the cookie consent message implies that the website visitor consents to the use of cookies by using the website which does not hinder the user experience (where a tick box action may do).

Notification and Identification need to be included within the cookie policy. To do this you must identify each cookie your website is using at that specific time and clearly state its purpose (or what it is used for, e.g. Google Analytics).

This means that your cookie policy shouldn’t be stagnant; it requires updating on a reasonably regular basis and this leaves you with two options:

 

  • Option 1) Create a cookie notification message within your website. Audit your website on a reasonably regular basis to identify new cookies and list their names and purposes. All handled by you internally.
  • Option 2) See Verve’s solution below.

 

Our Solution

Verve are able to provide you with an up to date and compliant cookie policy, provided by our partners, OneTrust, alongside an ongoing service that will audit your website every 3 months, identify your website’s current cookies, list their names and purposes (i.e. what each cookie is being used for) and update your cookie policy with this information, helping to keep your cookie policy up to date and compliant. A cookie policy settings pop out box will allow curious website visitors to see what types of cookies are being used, be they necessary, performance-based or target-based. It is important, and we strongly advise, to clearly categorise cookies in this way.

If, for example, on an eCommerce website a visitor disabled all cookies then this will render the site unusable and therefore the visitor would not be able to make a purchase, which is obviously not desirable for them or for the eCommerce site.

 

[Image: How To Comply With Cookie Law]

 

This service will also include the implementation of a cookie policy notification message banner, such as the one highlighted in the screenshot of Verve’s website further up in this article.

This service is exceptional value for money and peace of mind. We offer separate rates for retainer and non retainer clients so please email [email protected] for a price or call us on 01743 360000.

Prices start from £20 + VAT per month for a smaller website – £30 + VAT per month for a typical medium size website.

 

What are the risks if I do not comply with the Cookie law?

This is not a scaremongering article but we will be honest with the level of risk you are taking by not complying with the Cookie law.

For starters this is a law, so if you choose not to comply you do run the risk of enforcement action from regulators, which in the UK is the Information Commissioner’s Office (ICO). Although this would be an exceptional case, non-compliance can mean a fine. The following case is extreme, but in 2015 a Dutch company was fined 25,000 euros for non-compliance with the Cookie law, so it is being acted upon.

Taking fines out of the equation I believe the most important risk you run by non compliance is representation of trust and credibility – or lack of should I say. The Cookie law isn’t going away and more and more websites are taking steps to ensure compliance and as such more websites than ever are including the Cookie notification message. This is likely to soon become commonplace and website visitors may soon expect to see this message on all websites because of that. Visiting a website without the cookie notification message in the future therefore may raise eyebrows as to what potentially the website is hiding or not revealing.

For more information about the Cookie law, Cookie policies or the GDPR regulation in general and how to become compliant please email [email protected].

 

Julian Smout
Managing Director
Project Manager
Website Solution Specialist
Graphic Design
Digital Marketing
Print Management
Email Marketing
t: 01743 360000
e: [email protected]

After 16 years in the marketing industry, Julian set up his own company as a one man operation. Verve is now over 11 years old and has evolved from predominantly working with print, to a full service digital agency supported by an experienced, professional team.

In his spare time, Julian can be found scaling the hills of Shropshire, often followed by 3 smaller versions of himself!
