Keep your web cookies legal

Keep your web cookies legalSince 26 May 2011, it has been illegal to use web cookies on your website without first seeking permission from users. Emma Allen finds out what this means for your website and how to comply with the rules

To comply with web cookie laws, businesses have been required to remove web cookies from their websites completely or to install a method of requesting user consent - such as pop-up windows on a home page.

You must also explain to people how you use web cookies and what data they collect.

What are cookies?

So what are cookies and how do they work? "Cookies act as a record of where you have been online, such as which sites and pages you have visited," says Stuart Mackintosh, managing director of IT consultancy OpusVL.

"By installing a piece of code on to a site user's computer, they enable websites to remember consumers and their online preferences, such as login details, surfing history and buying habits. Generally, they are beneficial - without them, online shopping would be much harder," he points out.

The web cookies law

According to the Information Commissioner's Office (ICO), the body responsible for regulating the law, most UK business sites use web cookies in some form or another.

Mackintosh advises website owners to carry out an audit to assess what web cookies are used, what purpose they serve and how intrusive they are.

"Crucially, the law states that consent must only be sought if personal data is being stored about a consumer," he explains.

"If cookies are used purely to manage the transaction process, by remembering what is in the consumer's basket, for instance, they are deemed 'strictly necessary' and consent is not required."

The Information Commissioner has produced helpful guidance on cookies which will help you decide whether your cookies qualify as strictly necessary and whether consent is required.

Third-party web cookies

However, the situation is more complex if your website uses third-party cookies.

"If you use or allow cookies to track visitors from any external sites, or use third-party advertisements, both of which are likely to store personal information about visitors for marketing purposes, you will need to provide visitors with a clear method of opting out," Mackintosh stresses.

Opting out from web cookies

This can be achieved in several ways, the most obvious being a pop-up window. "But pop-ups are intrusive and web users typically don't like them," Mackintosh points out.

An alternative is to set up a permanent element on a home page. "For instance, you could build a box on the right-hand side that slides up and down, displaying the site's cookie status."

For websites that sell products or those that require users to register first, the most straightforward way to secure consent for web cookies is to direct customers to a terms-and-conditions page.

To comply with best practice, you should also set out a privacy policy on your site that explains what web cookies are and how your business uses them. "It's worth making sure that users can link directly to this from anywhere on your site," advises Mackintosh.

Whichever route you choose, the use of web cookies needs to be clearly displayed on your website. "Don't make things obscure because this could lead to complaints, or worse, you could be prosecuted," Mackintosh concludes.