There is a lot floating around about the new Cookie Rules coming into force at the end of the month. We have been reading around the topic from various sources and one source in particular has provided great insight into what this new legislation means. We have summarised a great article from Vertex Law below, but if you want to read the full article click to visit the Vertex Law site here. If you want to read a more biased view on why I think it is unfair, click here.
What’s a cookie?
Cookies are small text files stored on a user’s computer by their web browser, which allow a website to recognise a user’s device and remember their activity. This in turn facilitates (for example) storing site preferences and shopping basket contents, and authentication of a user’s details.
The European Union has passed various directives since 2002 related to the setting of “cookies” through users’ browsers. The UK introduced these amendments in May 2011, through the Privacy and Electronic Communications Directive, and gave UK organisations a grace period of 1 year to comply, ending 26 May 2012.
This applies to all UK organisations, as well as emails and “apps”, extending to all technologies including mobile.
To be exempt the storage of cookies must be strictly necessary for the correct operation of the primary purpose of the website. As a very narrow example, an “add to basket” or a requirement to “remember” user choices from previous pages, could claim exemption. The vast majority of cookies, particularly those used for advertising, analytical and tracking purposes are likely to be affected.
What is required?
By 26th May, organisations must have in place a “realistic plan to achieve compliance”, or face potentially serious penalties, with fines of up to £500,000. Customers expect to see websites complying with the law in relation to personal data, and as such organisations that do not comply with this legislation may quickly become conspicuous.
What do you need to do now?
• Audit your systems
• Adopt a “consent strategy” for your organisation