What to do about Cookies? Website Cookie Law in 2016
Ah, the infamous Cookie law. We’ve all seen those annoying pop-ups on some of the websites we visit, but to this day many people are still unclear on why they’re there, or whether we should all have them on our own websites. As a web agency, we still get asked about this every now and then, so here’s what you need to know.
What is a Cookie?
A cookie is simply a text file that is downloaded onto your computer or smartphone while you’re browsing, which stores a very small amount of information – usually to enable the browser to recognise that device. It enables the kind of functionality where a website remembers things about you – what you’ve put in your basket, or a preference you’ve set, without you having to log in everywhere all the time. Cookies are also frequently used to track website performance statistics via applications such as Google Analytics; and some (“third party cookies”) don’t enable functionality on the site you visit, but rather record information about products you’ve viewed so that similar products can be advertised to you later.
What does the law say?
The law says that you must tell people on your website if you set Cookies, explain what the Cookies are doing and why, and get the user’s consent to continue using Cookies on their device.
Opt-in or implied?
When the law was originally passed, the advice was largely that explicit (opt-in) consent was required, but since then the ICO (Information Commissioner’s Office – the body responsible for enforcing the law in the UK), has updated its advice to say that implied consent is sufficient:
“Consent does not necessarily have to be explicit ‘opt-in’ consent. Implied consent can also be valid. If you are relying on implied consent, you need to be confident that your users fully understand that their actions will result in cookies being set.”
What do you need on your website to comply with Cookie law?
The same page notes:
“Our approach is to focus on sites that are doing nothing to raise awareness of cookies, or get their users’ consent, particularly those visited most in the UK. We have maintained a consumer threat level of ‘low’ in this area due to the very low levels of concerns reported by members of the public.”
So, the situation at present seems to be that – as long as you ensure that you have correctly and clearly informed visitors of what Cookies you use and why (in a place that’s not completely hidden away), you’re covered, and this is especially true if your site is not high-profile. You don’t need an annoying pop-up demanding that folks opt-in to Cookie use before they can use your site.
Final thought: does Brexit affect Cookie law?
This sometimes gets asked because the whole Cookie shenanigans is associated in many people's minds with the EU. But the short answer is no. Although it all started with an EU Directive, PECR (which contains the wording on Cookies) is now part of UK law, so until or unless the law is changed, this information on Cookies still applies.
We will endeavour to update this post if the situation changes.