Time is running out for media webmasters to make sure their sites comply with EU cookie regulations that are being enforced from May 27.
The regulations mean that websites must get visitors’ consent for placing certain types of cookies in their browsers.
Sites must also give visitors clear and comprehensive information about what the cookies will be used for.
The directive is called – wait for it – the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
When it became law, the UK’s Information Commissioner gave organisations until May 27 to get their sites in order. And he has the power to fine them up to £500,000 if they break the rules.
The ICO has said it is not going to launch a witch hunt on 27 May. But it does expect organisations to be working towards compliance.
The rules are intended to protect people’s privacy, and apply to ‘intrusive’ cookies – i.e. those that:
1. Analyse people’s behaviour.
2. Track visitors across websites.
3. Personalise pages by recognising a visitor’s preferences.
Media websites will be affected if they carry advertising and engage in e-commerce – or even carry a Facebook ‘Like’ button.
Cookies that are ‘strictly necessary’ to enable a website to provide a visitor with the service they requested are exempt.
So there is probably no need to worry about cookies that just record which items a user has put in a virtual basket, or remember visitors when they re-visit a site to save them logging in every time.
Organisations are being urged to:
1. Carry out a site audit to see which cookies are used – and what for.
2. Decide whether they are intrusive, according to the new rules.
3. If they are, decide how you will get site visitors to consent – or opt out – of receive them.
Most sites will opt for a simple tick-box. The ICO’s own site sets a good example by providing one, preceded by this statement:
‘The ICO would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice.’
Other options include pop-ups, and terms and conditions that the user must accept – with a clear link to a privacy policy. See this example
It remains to be seen how the new law affects business. Some experts say it could lead to a drop in site traffic by up to 23 per cent and wipe out billions of trade across the EU.
The ICO has a useful pdf explaining the new rules
Don’t say you weren’t warned!
Cleland Thom is a consultant and trainer in media law
Email pged@pressgazette.co.uk to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog