On May 26th 2011 a new EU regulation came into effect that requires website owners in the EU to obtain informed consent from visitors before they can store or retrieve any information on a computer or any other web connected device. This is now law in member states and is currently in the news as the 12 month grace period for compliance in the UK has now come to an end.
Very simply the regulation means that you need to alert users to any Cookies you are using on your website and get them to consent to their use. What are cookies? – Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by us to help our users navigate this website efficiently and perform certain functions. Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent users from using certain parts of this website. Source: www.allaboutcookies.org
The legislation does not proscribe the solution so there is endless discussion about what is necessary, what your competitor is going to do and a number of approaches to the legislation ranging from ostrich-like head in the sand strategies to very clear upfront approaches are emerging:
A lot of sites seem to be taking a watch and see approach to this. The legislative intent is not currently clear and full compliance would mean taking the Opt In approach which will undoubtedly put websites in competitive verticals at a disadvantage should they implement such a solution while their competitors sit on the fence.
Asking the user to opt in to the cookies upfront is currently the only approach that appears to be fully compliant with the legislation. (Note – It’s also the approach that will leave you without critical data on visitors as experiments have shown.)
So for example the ICO.gov.uk site has the following banner at the top of their website:
The ICO would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice.
This puts the onus on the user to opt out but gives them a tool to do so. For example this is the approach taken by BT.co.uk
The cookie settings on this website are set to ‘allow all cookies’ to give you the very best experience. If you continue without changing these settings, you consent to this – but if you want, you can change your settings at any time at the bottom of this page. https://www.bt.com/static/includes/globalheader/cookies/more-about-cookies.html
A lot of sites are simply adding a link to information on cookies and how to disable them in your browser.
JohnLewis.com is one site that takes this approach. They comprehensively list their cookies and explain how you can disable them.