Last year a new privacy law came into effect in the EU that requires website owners to get permission BEFORE they plant web cookies (or any technology for storing information) on a visitors machine. This has MASSIVE implications for not only businesses but for bloggers and personal website owners too as the Information Commissioner’s Office (ICO) has the power to slap you with a penalty of up to 500k! Everyone had a year to get their ducks cookies in a row.
So here we are, a couple of days away from the impending doom of the deadline and it seems that there are still a heck of a lot of large websites not complying to this new law – mainly because no-one seems to understand what’s going on or what they are supposed to do. But bloggers always lead the way (right?) so I decided to at least attempt to comply as resistance is futile.
So, this is what I did:
- I installed a Firefox extension called View Cookies to audit my site first.
- Then I created a Privacy Policy which has to have a table detailing every tracking code (not just cookies) the rest of the text can then be generic.
- Then I installed the WordPress Cookie Control plugin.
Screen grab showing cookie control
Of course it’s not perfect, I probably haven’t allowed for the third party social cookies that get set if you aren’t already logged in with those sites and I’m not 100% sure which cookies are “strictly necessary” and don’t need authorisation – I can see much tweaking ahead. I’ve had it installed for a few weeks now and have noticed that my Google Analytics has taken a massive hit. I guess the bots don’t understand that they need to agree to this cookie being planted. I’ve also found that this plugin places the text at the top of the page before the javascript renders it in the bottom corner – I have noticed this text is now showing up in search results!
I don’t actually like it, but I should show willing and test the options available so I can offer advice to my clients at Fish Media. I have been watching the responses from the industry closely over the last few months and feel that something significant will happen before we have to spend too much time (or our clients’ money) if we rush into this. Apparently, major browsers are working towards putting something in place which should cover this law in the UK but we can’t just sit back and hope.
There are a few off-the-shelf options popping up so please let me know if you find anything that really hits the mark.
Oh, by the way – I’m not a lawyer, so I suggest you read these:
Update: A really nice article has been written on .netmagazine regarding the cookie law and in particular the following paragraph:
Implied consent via notice If your site doesn’t feature advertising and uses cookies for functional purposes (accessibility, Facebook Like buttons and Google Analytics), then you may be fully compliant if you have a cookie notice displayed clearly on your website referencing details on your privacy page. You will need to make sure this notice remains up to date when new features are added.
So, until I read or hear differently I am going to use a notification toolbar!
Update 26 May: Cookies law changed at 11th hour to introduce ‘implied consent’
Image Credit: 4nitsirk
