No, not that sort of cookie
The new EU law on website cookies came into force on 26 May. But there's been little clear guidance of what's expected of website owners or what the penalties might be if you don't comply.
For business owners who might not even know what a cookie is, expecting them to interpret this new law seems a little much! It's frustrating, so we've tried to make some sense of what you need to do to comply with the law.
What is a cookie, anyway?
A cookie is a small piece of information that a website can place on your computer when you visit it. Cookies are used for all kinds of things - most commonly, for web analytics, to track what people do when they're on a website.
However, they can also be used by sites to remember what was in your shopping basket last time you visited, or to show you particular adverts or content depending on what you've looked at before.
The principal behind the new cookie law is that people have a right to know and decide what's downloaded to their computers. When they first visit a website, they should see an explanation of the cookies that site uses and be able to choose which should be used.
And that's where it gets tricky. Many website owners don't know what cookies their sites use themselves. There will be cookies used to smooth the browsing experience, cookies that collect information on user habits, and increasingly, third party cookies used by services like Google Analytics.
Audit your cookies
This confusion means the best way to start is to audit your website, so you know what's there. There's some good advice about doing a cookie audit here, and a free tool that can help too (although you'll need to be using Google Chrome as your web browser).
Decide which cookies you actually need
Once you have a list of all the cookies your website uses, decide which you actually need, and think about which ones your visitors are likely to accept.
For instance, do you need cookies for web analytics (yes, probably – without them you'll struggle to learn more about the people who visit your site), or for social bookmarking services?
Then you need to work on telling visitors about the cookies you decide to keep. How do you explain each in a way that encourages people to accept them? In my experience, people can be understanding when they realise the benefits cookies bring them. So, with careful wording, you can make sure most are accepted.
You should list each cookie and link to information about it to have a greater chance of it being accepted. There's a good example at the top of the Information Commisioner's website:
The message is followed by a simple check box which users can tick (or not). If they tick it, the site can activate all the non-essential, but useful cookies.
A big change
There's no denying this is a big change. Some web designers have serious concerns about its impact.
For now, we can just advise you to manage these issues as well as possible, with the aim of making it easy for visitors to understand what your cookies are and why they are important. As more websites start to make these changes, people will become savvier – as individuals, we'll discover our own cookie comfort levels and work from there.
Finally, don't panic. There's a year-long grace period for websites to get things in order. But what happens after that – in terms of penalties – is unknown. So our advice is to do the work now, while you have time to think it through, and before you are forced into doing it.