Are Your Cookies Too Hot To Handle?

For most people, cookies are something eaten by Americans or people who spend too much time in American-style coffee shops. However, to those who spend far too much time on their computers, a cookie is a small packet of data left on your computer or mobile device by other people.

One of the common uses is for website owners to be able to see who looks at what on the website and how they get there. That is obviously incredibly useful for businesses to know but also a potential risk to the website user whether for reasons of privacy or because a cookie could be used to place malicious code on the user’s device.

The EU had already produced the snappily titled “Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector” in 2002. This covered all sorts of things such as spam emails (and clearly has been incredibly effective in getting rid of those!). That was implemented in the UK through the equally easy off the tongue “The Privacy and Electronic Communications (EC Directive) Regulations 2003”.

The directive was further amended in 2009 to deal rather more firmly with cookies. The EU directive now requires that websites have to obtain informed consent before cookies can be put in place. Individual member states were given until 25th May 2011 to implement the Directive and the UK did so by producing “The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011”.

Implementation of the UK regulations is the job of the Information Commissioner who basically gave everyone a year to get their websites up to scratch. That year of course ended on 25th May 2012. From now on anyone whose website does not comply with the Regulations can face a hefty fine.

The Information Commissioner’s website has some useful guidance on the Regulations and the steps that the Commissioner suggests should be taken to ensure compliance.

Basically, it boils down to checking what cookies your website uses and making sure that you have some method by which you notify all visitors to your website of what cookies you use and what you use them for, before you put them on their device. You also of course have to make sure you give them some way of agreeing to accept the cookies or not and that you don’t put cookies on the devices of people who refused permission. It of course makes things a lot easier if you use as few cookies as possible and there are lots of things commonly done by using cookies that can be done just as well without them.

Whoever runs your website should already have dealt with this (or at least been bending your ear to get you to let them sort it out). If they haven’t, now is the time! There are plenty of ways to deal with the issues and the Information Commissioner is not going to take kindly to excuses along the lines of “I didn’t know”, “I don’t know how else to run my website” or “I haven’t got around to it yet”.

We would suggest that, since you’re going to be spending quite a bit of time looking at your website and revamping it to get permission and/or remove unnecessary cookies, it is a good time to look at your website more generally to check that it complies with the various other relevant pieces of legislation and that it does what you need it to.

For example, when was the last time you reviewed your website’s terms and conditions? If you trade through your website, those are vital and in our experience most people’s terms of business get put up on the website and then forgotten about until there is a problem – by which point it is of course too late.

If you would like us to review your website and/or your terms of business, please contact Ian Pinder on idp@gardnercroft.co.uk