The much debated EU cookie law comes into effect this weekend and leaves many website owners and indeed developers confused about their position in the regulation and whether their website needs to introduce a cookie opt-in system that you have probably already seen adopted by the likes of the BBC and other big websites.
The official line (which actually changed just 48 hours before the published deadline) is that from Sunday, websites must obtain “implied consent” from visitors before saving cookies on a machine. But what does this all mean? The use of “implied consent” shifts responsibility to the site visitor themselves rather than the website owner or developer, and will come as a relief to thousands of website developers and companies who have been struggling to comply with new EU directives which were introduced a year ago.
What is a cookie?
Cookies are small files that are placed in a special folder on your computer by your chosen internet browser to recognise and track users. The ICO groups them into three overlapping groups:
- Session cookies
Session cookies allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long term and are considered “less privacy intrusive” than persistent cookies.
- Persistent cookies
These remain on the user’s device between sessions and allow one or several sites to remember details about the visitor. They may be used by internet marketers to target advertising or to avoid the user having to provide a password each visit.
- First and third-party cookies
A cookie is classed as being first-party if it is set by the site being visited. It might be used to study how people navigate a site. It is classed as third-party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor’s viewing habits.
The good news is that if your website has been designed and developed by Interactive Red then we will only ever use session cookies and the information stored within those contains no personal data. To this extent, you do not need to panic about the new cookie law. Any personal information gathered – by user consent – through one of our websites is stored in a database on the server itself and is only linked together by the session identifier – the only piece of information stored within the cookie itself and since it’s a session cookie, the minute you close your web browser that session is dropped.
Even websites that use our ecommerce package with their basket functionality rely on the same cookie to identify the session and the basket data itself is stored on the website database.
Aside from our reassurances or if you do not run your website on our in house CMS package, the ICO has said it would not take immediate action over non-compliant sites, and would instead offer guidance.
In short, don’t panic!