0141 339 1653

Mcrae and Company logo


UK deadline less than 40 days away

On 26 May the UK’s Information Commissioner’s Office (ICO) imposes an EU directive designed to protect internet users’ privacy. The law says that sites must provide “clear and comprehensive” information about the use of cookies. It says website managers must:

  • Tell people that the cookies are there
  • Explain what the cookies are doing
  • Obtain visitors’ consent to store a cookie on their device

“The information needs to be upfront – without information people can’t give consent,” said Simon Rice, the ICO’s principal policy adviser for technology, in a recent BBC article. Those who fail to implement its rules properly could be fined up to £500,000.

Even though the UK legislation came into force in May 2011 many sites have yet to add a feature asking for users’ consent. 95% of 55 major UK-based organisations were still not compliant with the cookie law at the end of last month according to a survey done on behalf of KPMG.

Half-baked idea?
The move has proved controversial with many companies stating the cookie law is not a positive development. The ICO’s own research suggests this could be an issue. Since asking users to click a box if they agree to accept cookies from its site, the organisation says just 10% of visitors have complied.

However, BT’s experience points to a possible solution.

Since March a pop-up message on its home page has told
first-time visitors that unless they take up an offer to change its settings, then they have consented to its “allow all cookies” default rule. “So far, we can see that customers are generally choosing to keep the cookies that we use to provide the best experience on our webpages,” a spokeswoman said.


Is implied consent enough?
At a recent WAW Website Analytics Wednesday event, Dave Evans of the ICO on the E-Privacy Directive, aka EU Cookie Law, went on to say

“Provided clear information is given about their activities, we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.”

According to webtrends the first part of the statement is very important at it refers to implied consent. The ICO expects website owners to take the lead in educating users on the how, what and why of the data they collect. So, if you are a website owner using first party cookies for analytic purposes only, then you can expect the ICO to leave you alone, but only if you have taken positive steps to inform and educate your users, e.g.:

  • Conduct a cookie review and remove any unnecessary cookies from your site
  • Updated your cookie policy stating name of each cookie and what it does
  • Make it easy for your users to find and understand your cookie policy (implied consent), e.g. Link at the top every page
  • No legalese, no jargon, no inflammatory terms (e.g. use ‘measure’ not ‘track’)
  • Explain why cookies benefit their experience

Remember the legislation came into force in May 2011 so by now you should have already completed the above. If you have done so but are still unlucky enough to have a complaint made against you then the ICO may well reject it on the grounds of implied consent.


Copyright © 2014 McRae & Co   Terms & Privacy