If you've been engaged in building a new website lately, or implementing a new bit of software for public use (like an Applicant Tracking System, for example), then you may have heard some rumblings about cookies and the new EU Cookie law.
We thought it might be useful to throw a few notes on the blog here to give you some background.
So, what's it all about?
Well, in a nutshell, don't worry: it's all a storm in a teacup and fairly easily worked around...but you do need to be aware of it.
Now, the longer version! In May 2012, the UK finally implemented the EU directive on the use of cookies (and similar technology) on websites. It was a badly drafted, badly implemented law, so broadly framed that it made pretty much every website in the UK illegal overnight.
The law basically said that if your website wanted to store any cookies on a user's machine, then you had to ask for (and receive) their explicit permission first. On the face of it, this sounds quite reasonable; after all, there are lots of nasty companies out there tracking our every move, right? Well, no. There are probably some very egregious uses of cookies out there, but they're definitely the exception rather than the rule.
Unfortunately, genuinely useful and pretty much benign cookies, like those used by Google Analytics, social sharing buttons, YouTube videos, and some content management systems, are also covered by the same law. So we were left with the possibility that we'd either have to break the law or ask every visitor a confusing question they'd probably say no to (it's easier than trying to understand what's being asked) and see the statistics for all our sites drop through the floor overnight, making ROI considerably harder to divine!
Fortunately, when the law was first introduced, the ICO also gave it a 12-month deferral period to allow everyone to get ready, which expired in May 2012. They accompanied it with some really vague guidance that left everybody nonplussed...so most web developers did what they thought best...and ignored it in the hope it would go away. 12 months later, about 11 hours before the law was due to come into force, the ICO introduced new guidance that watered down the requirements somewhat...so where does that leave us?
Well, it all depends on your attitude to risk. With a potential fine of £500k, you should at the very least review all your websites and get a good handle on what cookies they're setting and how they're being used.
Ideally, the output of that exercise should then be used to redraft your Privacy Policy page to include information on how the cookies are used, and to amend any links to it in your site header and footer to clearly state that it's about cookies as well. Then, finally, look at how you might work to either eradicate the cookies entirely or implement some level of cookie compliance software to gain users' consent.
That way, if the ICO comes knocking, you can evidence that you're aware of the issue and have a plan and a thought process in place to deal with any enforcement notice they might issue. Phew...