Cookie Rules

New Cookie Rules For Websites From May 2012

1.The Background– websites and email marketing are regulated in part by the Privacy and Electronic Communications Regulations. These were amended in 2009 with significant changes coming into effect in May 2011 but with a year’s delay on any sanctions being enforced for non-compliance.

The changes affect the way your business can use cookies and other tracking technology in both emails and on websites to collect user data.

Web owners will be liable to enforcement notices and a fine of up to £500,000 for non compliance from May 2012.

2.What Are Cookies? – there are different types but basically a cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies may then be sent back to the originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device and track what the user does, although the legislation also covers the use of other technical means of doing the same job.

3.Does Your Business Use Them? – probably ‘Yes’ – especially if, for example, your site uses tracking systems like Google Analytics, or if you use a bulk email management service that monitors ‘opens’ via a cookie or similar. Also if your site recognises past visitors; uses a third party company’s service who may track users themselves (for example advertising), or, if you have an ecommerce site, you may use ‘session’ cookies to track purchases.

4.What Is New? – If you use cookies, you must now tell people that the cookies are there; explain what the cookies are doing, and obtain their valid and well informed consent to store a cookie on their device.

There are exceptions where cookies are ‘essential’ to your site operation, for example cookies used (a) to remember the goods a user wishes to buy when they proceed to the checkout or add goods to their shopping basket (b) for security purposes, or (c) to help pages to load quickly or to load balance across multiple servers.

But cookies used for tracking, counting email opens, recognising past visitors and advertising are ‘caught’.

5.What Do You Need to Consider? – you need to (a) check what type of cookies / user tagging you use and how you use them (b) decide if you are informing users adequately and if you need consent, and (c) where you need consent, decide how to best obtain consent.

6.OK, What Actions Do we Need to take? – the key actions are to make sure your cookie information is clearly and prominently available on your site, and not ‘buried’ in a Privacy Page. You may want to add a new header link mentioning cookie use.

You should add cookie use consent to any directly relevant existing sign up, e.g. for a newsletter where you will use it to monitor opens (e.g. Check this box to sign up to our weekly newsletter. By signing up you allow us to use Open Tracking to monitor and improve your email experience.) (b) to open (or login to) an account where you use a cookie for easy recognition of returning visitors, or (c) when the visitor is to click on a button requesting a third party service.

Use pop up boxes, message bars or ‘splash’ pages to gain consent prior to use – at least on the first visit. (You don’t have to repeat this every time, but you may need a new cookie to recognise visitors who have given consent!)