EU Cookie Legislation Revision 2012
This quick guide covers the EU privacy legislation of 2011 and how it relates to cookies and the owners of websites from May 26 2012 onwards. It gives a quick overview, plus some links to other useful online resources, so that you can make informed choices about how the legislation will affect affiliate marketing and your website.
This guide will help to explain what these changes mean for you and what you need to do to work towards complying with the new EU cookie regulations.
- What you may not know is that this legislation is almost one year old and that it affects all EU members! The new cookie legislation became law on May 26th 2011 but will be actively enforced from May 26th 2012.
First Question – What is a Cookie?
A cookie is a small text file of letters and numbers downloaded on to a computer when cookie-enabled websites are accessed. Cookies allow a website to ‘recognise’ a computer.
- Cookies themselves do not require personal information to be useful and should not personally identify internet users.
Cookies are used by almost all websites, for a variety of purposes:
- Analysis of visitor behaviour (known as ‘analytics’).
- To personalise pages and remember visitor preferences.
- To manage shopping carts in online stores.
- To track people across websites and deliver targeted advertising.
What Does the Revised Cookie Law Mean?
The revised Cookie Law means that websites will need to get consent from customers to store or retrieve any information on a computer or any other web-connected device, such as a smartphone or tablet.
- This Cookie Law is amended privacy legislation that requires websites to obtain informed consent from visitors before they can store or retrieve any information on a computer or any other web-connected device.
Why is This Law Coming Into Effect?
The cookie law has been made to protect EU consumers’ online privacy by educating them about how their information and behaviour are collected and used by websites. The law’s aim is to give consumers control over their own online privacy. Each EU member (including the UK) must comply with these laws.
- Unfortunately, the vast majority of users will NOT know what a cookie is or how cookies enhance and impact their online experience, so the law will need to be interpreted and implemented by website owners.
Types of Cookies
Cookies can be very generally classified as either session or persistent cookies. A session cookie expires at the end of a browser session (from when a user opens the browser window to when they exit the browser), while a persistent cookie is stored for longer, for a variable period of time set by the site which ‘drops’ the cookie.
- The new regulations do not really differentiate between the two and apply to both types of cookies.
Are There Any Exceptions to the Law?
The law is based on the ‘right to refuse’ a cookie. There are exceptions to the requirement to provide information about cookies and obtain consent where the use of the cookie is as follows:
- For the sole purpose of carrying out the transmission of a communication over an electronic communications network.
- Where such storage or access is ‘strictly necessary’ for the provision of an information society service requested by the subscriber or user.
- The term ‘strictly necessary’ means that such storage of or access to information should be ‘essential’, rather than ‘reasonably necessary’. However, it will also be restricted to what is essential to provide the service requested by the user, rather than what might be essential for any other uses the service provider might wish to make of that data.
It should be noted that where the use of a cookie-type device is deemed ‘important’ rather than ‘strictly necessary’, those collecting the information are still obliged to provide information about the device to the potential user and obtain consent.
Responsibility for Providing the Information and Obtaining Consent
The Regulations do not define exactly and clearly who should be responsible for providing the information and obtaining the consent. However, you are responsible for complying with these regulations if you operate an online service or website and it requires any use of a cookie-type device for your purposes only.
However, once a person has used such a device to store or access data on a device, that person will not be required to provide the information described and obtain consent on subsequent occasions, as long as they met these requirements initially.
- While the regulations do not require the relevant information to be provided on each occasion, they do not prevent this.
So, What Do You Need to Do To Inform Consumers?
Basically, if you are using cookies on your website you will most likely need to make some changes. You MUST inform your customers, but you can do this in a variety of ways. We recommend that for the time being you follow some or all of the following:
- Tell visitors to your website that the cookies are there.
- Explain the purpose of these cookies.
- Get the customer’s consent to store a cookie on their device.
The Regulations are not entirely rigid about the information that you need to provide consumers with, but the text should be sufficiently full and intelligible to allow individuals to clearly understand the potential consequences of allowing storage and access to the information collected by the device should they wish to do so.
What Does the New Law Actually Say?
The new government requirement essentially says that cookies can only be placed on devices (computers, iPads, etc.) where the user or subscriber has given their consent to the website.
6 (1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment– (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or program to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information– (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
For more information you can try:
- ICO (Information Commissioner’s Office): [http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx] or [http://www.ico.gov.uk/%7E/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf]
Well, I hope you found something useful and enjoyed this article. Please don’t forget to let me have your thoughts in the comment box below. See you soon.