Are your hands in the cookie jar?

Posted on Friday 8th June 2012 1:14

Anyone surfing popular websites in the UK such as bbc.co.uk will have noticed that a new notice has a tendency to appear near the top of the site warning visitors that it uses cookies. A cookie is a web term for a tiny piece of data that is sent from a website and stored in a user’s web browser and plays an important role in ‘remembering’ whether you’ve logged in to a service, clicked ‘yes’ or ‘no’ to a question or which pages on the site you’ve visited. One of the most common uses of cookies nowadays, however, is for advertising purposes, with third-party tracking cookies often used to track a user’s behaviour across several websites with the objective of serving up targeted adverts. This is why after searching an e-commerce site for something such as a new washing machine often results in you seeing adverts for that same site when you browse the latest news somewhere like guardian.co.uk

As some of these tracking cookies can hold an individual user’s browsing history for quite a long time, their use has raised privacy concerns which the European Union has sought to address with an “e-privacy directive”. The UK version of this came into force at the end of May, and demands that all sites must seek “informed consent” from visitors before saving cookies on their machine or face a fine of up to £500,000 from the Information Commissioners Office (ICO).
Yet despite the cookie law having been on the books for a year (it was passed by Parliament in 2011), compliance on this important issue remains spotty. Even the government was forced to admit that not all of its websites will comply with the regulation, and there are no definitive figures available that tell us how many of the millions of UK websites are obeying the law.

Having recognised that there’s still some way to go in raising awareness of the new law, the ICO is currently focusing less on taking punitive action against non-complying websites and more on educating website owners about their new responsibilities. Yet this is no reason not to take action now. If your website does use tracking cookies – and many owners might not even be aware that they do – you do need to become compliant sooner rather than later. One really surprising thing we discovered here at Influential Software when working with clients on just this issue is that if you use Google Analytics to keep tabs on your website traffic then technically your site does use cookies and brings you under the jurisdiction of this law.

It’s unexpected discoveries like this that make it critical for website owners to audit and then document how cookies are used on their sites, as it’s only by doing that that you can work out whether you’re okay to carry on as normal or seek informed consent from visitors.

The ICO may be negotiating rather than prosecuting now, but this is one area where ignorance certainly isn’t bliss.