Latest UK guidance for EU cookie law
Latest UK guidance for EU cookie law:
New detailed guidance for marketers released by the Information Commissioner
Value/Importance: ★★★★★
Recommended link: 13th Dec 2012 update from ICO
Our summary of the new cookie guidance
Through 2011 we have written updates on this new privacy law, specifically how it affects cookie use on websites and how it affects analytics – that post showed an alarming drop in recorded visits when cookie opt-in was implemented by the ICO. The guidance when the law was initially introduced was limited, so with the grace period not so far off now in May 2012, the new much more detailed guidance is welcome and it is much clearer. I’ve picked out 4 of the main things which are important:
1. You must obtain consent for cookies
Note that many still don’t adhere to the original 2003 PECR law…
2. There are exceptions
Exceptions on the left may help retailers, but opt-in to analytics and third-party advertising is required and there is no current general method for this – these cookies operate under opt-out currently.
3. Browser settings don’t help
We blogged in November that the new W3C Browser settings could help with compliance for this law. But unfortunately not…
4. Review the implementation example
Wireframes with ideas on implementation are now provided. It seems that pop-ups or footer bars may be the most practical option with the ICO suggesting that cookies could be set on the second page view – that’s easily said – not so easy to implement in practice since most sites and analytics set cookies on the first page view.
Here, for reference is the full guidance published in the ICO post:
Marketing implications of the new guidance
The date to be aware of is 26th May 2012 however the information commissioner has said in a recent blog post that:
“There will not be a wave of knee-jerk formal enforcement action taken against people who are not yet compliant but trying to get there”.
So there is not a threat of legal action if you are following the advice to achieve compliance. Interpreting the guidance, this suggests that by this date you should have:
- Audited your current use of cookies.
- Updated privacy messages on your site to reference use of cookies.
- Implemented or be working on implementing a method of offering opt-in to cookies.
Of course 1 and 2 are relatively straightforward, it is 3 that is challenging! Here you are very dependent on integration with third-party systems – cookies are essential for offering login.
We’d be interested to hear about solutions to 3 that are available or you are working on as a client or a vendor/agency.
No comments:
Post a Comment