Since 2011, all websites have been required by law to get permission from visitors when using cookies.
The cookie law requires you to get consent from a website visitor when you store cookies on their computer. The Information Commissioner's Office (ICO) has useful guidance to help websites comply.
Indeed, many websites rely on cookies to keep visitors logged in or to remember what's in their shopping basket as they move between pages.
"The only cookies excluded from the law are any that are necessary to provide a service people are asking for," continues Richard. "That mostly covers things like shopping basket cookies and a few types of cookie used to store information temporarily.
What are cookies?
Cookies are small files that websites place on visitors' computers.
They're used to give website users a better experience - for instance, by keeping them logged in or remembering what items they've placed in their shopping basket.
More controversial uses for cookies include tracking visitors as they move between websites in order to provide targeted adverts. If you've ever visited a website, then seen adverts for that company's products on other websites, that's cookies at work.
Perform a cookie law audit
To understand your obligations under the cookie law, you need to establish what cookies your website uses. There are several tools available to help you perform a cookie audit. Richard's company offers Optanon, but you can also try the tools from Attacat or Bitstorm. Each lists the cookies used as you browse a website.
Audits can easily go out of date as cookies and websites change quickly. Richard advises clients to think about auditing at least once a year.
Once you know what cookies your website uses, you can determine whether or not you need to get consent from visitors to use them. Most websites need to get consent.
Since the law came into force, the most common way of doing this has been to be to display a message when a visitor first arrives at the website. The message is usually shown alongside a button labelled "continue" (or similar), allowing the user to close the message and continue their visit.
It's also a good idea to provide a link to more information about the cookies you use. After all, the law requires users to give their informed consent. Other methods include showing the message in a fixed bar at the top of the screen or displaying an overlay on top of the page.
How to show your cookie message
How you display a message to your users will depend on how you built your website:
- If you created your website using a website builder tool or software, there may be an option to add a message about cookies.
- If you built your site from scratch or worked with a web designer then you may have to edit your website's code.
Is this enough for the cookie law?
Although most websites that have implemented a cookie message take the route described above, this may not be strictly compliant with the law.
Further guidance issued by the EU suggests that you must give visitors the choice of accepting or refusing cookies, and that you should keep this choice available during each visit.
Having said that, pragmatically it seems unlikely that any business which has taken steps to make users aware of its cookies will attract attention.
Browse topics: The internet