You may have noticed our website looking a bit different since yesterday! That’s because we’ve added some things to aim to meet the new EU regulations on cookies which are coming into force this weekend.
Everything we’ve done is just based on our understanding of the new guidelines – we can’t offer anyone legal advice but we’re just showing you here what we’ve done on our site.
By the way – if you received our newsletter about this issue earlier in the week and are trying to click the link to the PDF on the ICO website – I’ve just found they’ve moved it! You can now get it here. Would have been nice if they’d added a redirect or even a message….
The new regulations:
The new law states that you need to ask visitors to your site to “opt in” to your site placing cookies and similar technology on their computer. A cookie is a small file with information in it which often tells you something about the user – what pages they’ve looked at, if they’re logged in, if they’ve got anything in a shopping basket etc.
Cookies are very often just useful in making sites user orientated and personalised – as well as functional! An online shop would be pretty rubbish if the site couldn’t remember what was in your shopping basket!
However, some evil powers out there use cookies to track your activity around the web and across sites and then display relevant advertising to you, or other less pleasant things, which can be seen as an invasion of your privacy.
So bringing in a rule to cut down on nasty activity does unfortunately have to impact on harmless activity too.
Cookies on our site:
Session cookie:
As our site is built on the MVC framework CodeIgniter, we have a session cookie which is placed as soon as someone visits our site.
Now, to get people to “opt in” to this would mean sending them somewhere else first, and asking them if they were happy for a harmless cookie to be used – before then letting them continue to our site. And that’s likely to cause a big drop in our visits and subsequently our business as our website is our sole marketing platform (other than word of mouth).
This cookie is only there so that our user accounts – for us and our clients – can operate as we need them to. The cookie isn’t intended to affect general visitors – it’s purely functional for those who need to log in.
So there’s a clause in the new regulations which states that sometimes cookies are necessary:
There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is:
(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
And we’ve decided we’ve had to adopt this approach here – and hope we’re reading this exception correctly!
We have, however, also added a red link prominently on every page of our website with more information about this cookie, detailing what it collects, and why it’s used.
The ICO guidelines state that you have to be clear about what you’re doing with cookies and they suggest putting an obvious link in your header – our current design doesn’t really lend itself to that so it’s next to our Twitter bird icon which on the home page in particular is pretty obvious.
You can read what we’ve said about the cookie in our privacy statement.
Third party cookies:
Third party cookies are when another website or service places cookies on people’s computers via your website. We’ve had a few of these as we use Google Analytics, and social media share icons such as the Facebook “like” button.
Your website might issue third party cookies if you run an affiliate programme or partner programme.
Even though, strictly speaking, we’re not the owner of this cookie, it’s our site that is activating it so the guidelines state that both parties need to do their bit to make sure people know what these cookies are doing.
Well, I’m not in close cahoots with Google and Facebook, so we’ve added a bar along the top of our screen asking people if they’d like to accept the cookies (big shout out to CookieCutter) and for more information, we send them to Google’s and Facebook’s privacy policies via our privacy statement. We don’t feel that we can tell people the details of what these cookies do as we’re not the people rolling them out, and Google / Facebook could change what they do at any time. So whilst we’re asking people to opt in on our site, we’re sending them straight to the horse’s mouth for info on them.
If you accept the cookies, then you’ll see social media icons appear on pages of our site and we’ll start tracking you in our Google Analytics.
Ironically, we actually have to set another cookie to remember your preference on this! So by accepting these cookies, you’ll also let us place another one to say that if you visit our website again in the future, we’ll remember that you’re happy with us using Google Analytics and showing social media icons (that’s detailed in our Privacy Statement which is linked to from the “Read more” link in the header strip).
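The opt-in flow described above, sketched as an added example (this is not our site's code or CookieCutter's): the session cookie is treated as strictly necessary, while Google Analytics and the Facebook button are only activated once a preference cookie records the opt-in. The cookie name `cookie_consent`, the one-year lifetime and the registry ids are hypothetical.

```javascript
// Added example. CONSENT_COOKIE, ONE_YEAR and the REGISTRY ids are hypothetical names.
const CONSENT_COOKIE = 'cookie_consent';
const ONE_YEAR = 365 * 24 * 60 * 60; // assumed lifetime of the preference, in seconds

// Classify everything that sets cookies. Only "necessary" runs before opt-in.
const REGISTRY = [
  { id: 'session', category: 'necessary' },            // login/session cookie
  { id: 'google-analytics', category: 'third-party' },
  { id: 'facebook-like', category: 'third-party' },
];

// Parse a document.cookie / Cookie header string into a prototype-free map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                               // skip malformed pairs
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
    if (name && !(name in jar)) jar[name] = value;      // first occurrence wins
  }
  return jar;
}

// Fail closed: only the exact value "accepted" counts as an opt-in.
function hasConsent(header) {
  return parseCookies(header)[CONSENT_COOKIE] === 'accepted';
}

// Ids that may be activated for this visitor.
function allowedIds(header) {
  const ok = hasConsent(header);
  return REGISTRY.filter(e => e.category === 'necessary' || ok).map(e => e.id);
}

// Cookie string written when the visitor clicks "accept" on the bar.
// Secure assumes the site is served over HTTPS.
function consentCookie() {
  return `${CONSENT_COOKIE}=accepted; Max-Age=${ONE_YEAR}; Path=/; SameSite=Lax; Secure`;
}

// Call load(id) for each permitted item; load is supplied by the page
// (for example, a function that injects the matching <script> tag).
function applyConsent(header, load) {
  const ids = allowedIds(header);
  ids.forEach(load);
  return ids;
}
```

In the browser, `applyConsent(document.cookie, load)` runs on every page view, and `document.cookie = consentCookie()` runs from the accept button's click handler.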
I’ve read other developers say that they think GA is essential to their site and business, so they’re using the “techy get out clause” to leave GA on and not ask for permission… but personally I’m not completely comfortable with that so we’re asking people to opt in. Google is vast and if there’s anyone who has the power to share your personal preferences across an advertising network, it’s them!
Enforcing the regulations:
Apparently (apparently – just speculation) the ICO aren’t going to actively enforce the regulations which threaten huge fines for non-compliance – they’re just going to wait for people to complain about sites setting cookies on their computers. Which is perhaps not going to be very often seeing as the reason for these guidelines is apparently because the general public don’t understand what cookies are or know anything about them. Who will report complaints however, are companies who have spent time and money updating their sites and systems to conform, just to lose business from it and have customers be put off by big scary buttons asking complicated things – whilst people who are, strictly speaking, breaking the law, carry on as normal.
Updating your website:
The updates described here on our site – besides re-writing our privacy statement – took 1 – 2 hours. It will vary from site to site, as much because of different designs as anything – but if you’re an existing client and you’d like us to take a look at your site and sort it out (as the law comes into force as of today/tomorrow) then please contact us. We can’t offer anyone legal advice on the new guidelines, and how far you take things (or don’t) is ultimately your decision – but we can handle the technical side for you, of removing cookies and / or getting people to opt in.