What are cookies?

A cookie is a small file stored on a user's computer by the browser when they visit a website that leaves cookies. The browser can read a user's cookies and send information back to websites that the user visits. Cookies are primarily a mechanism for websites to remember things that a browser has done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago. Cookies can also be used to track users' browsing patterns, as the cookies left by Google Analytics do.

So what's the issue with cookies?

Cookies can be used on commercial websites to target advertising at users based on their browser and internet patterns and history. This may have privacy implications, and so the Information Commissioner's Office (ICO, http://ico.gov.uk/) has created a policy to prevent this happening.

What does the policy require?

Although cookies can be turned off by a user on a per-browser basis, due to these privacy concerns the ICO has decided a user must opt in to receive cookies rather than opt out. The EU cookie law, which comes into force on May 26th 2012, requires websites to gain consent from visitors to store or receive any information on a computer or any other web-connected device (e.g. smartphone or tablet). The cookie law has been designed to protect the online privacy of customers by making them aware of, and giving them a choice about, the amount of information collected by websites. After May 26th 2012, if a business is not compliant, or is not visibly working towards compliance, it will run the risk of enforcement action and a possible fine of up to £500,000.

What are the implications?

In order to comply, when a user visits your website they should be presented with an option to accept cookies before any cookies are left on their machine. The cookies need to be explained in a clear Privacy Policy. Google Analytics requires cookies, so it will not collect data until a user accepts the cookies. Any cookies required for the website to function (i.e. shopping basket, login forms) are exempt and are OK to be created.

What do I need to do?

Most content management systems leave cookies on a user's machine. In theory, these cookies need to be prevented from being created until a user agrees to accept cookies. Your web developer will need to make some changes to your website code to prevent the cookies being created and, if you need cookies, add in an option for the user to accept cookies (an unobtrusive pop-up box is common). If this is not implemented, then you need to be able to show you are actively working toward implementing it. In addition to this, a clear Privacy Policy needs to be created to explain what data and cookies the website collects, and what the website owner does with the data.
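
One way a developer might implement the opt-in described above, as an added example that is not code from any particular content management system: cookies the site needs to function are written straight away, while every other cookie and the analytics loader are held back until the visitor accepts. The cookie names, `createConsentGate`, `browserJar` and `memoryJar` are hypothetical names chosen for this sketch.

```javascript
// Cookies the site cannot function without; these are exempt from consent.
// Hypothetical names: replace with the cookies your own site sets.
const ESSENTIAL = new Set(["session_id", "basket", "cookie_consent"]);

// `jar` abstracts the cookie store so the same logic runs in a browser
// (browserJar) or outside one (memoryJar).
function createConsentGate(jar) {
  const pending = [];  // non-essential cookie writes held until opt-in
  const deferred = []; // callbacks (e.g. loading analytics) held until opt-in
  const hasConsent = () => jar.get("cookie_consent") === "accepted";

  return {
    hasConsent,
    // Returns true if the cookie was written now, false if it was held back.
    setCookie(name, value) {
      if (ESSENTIAL.has(name) || hasConsent()) { jar.set(name, value); return true; }
      pending.push([name, value]);
      return false;
    },
    // Run fn immediately if the visitor already opted in, otherwise queue it.
    whenConsented(fn) { if (hasConsent()) fn(); else deferred.push(fn); },
    // Call from the "accept cookies" button of the pop-up box.
    accept() {
      jar.set("cookie_consent", "accepted");
      pending.splice(0).forEach(([n, v]) => jar.set(n, v));
      deferred.splice(0).forEach((fn) => fn());
    },
    // Declining discards everything queued; nothing non-essential is stored.
    decline() { pending.length = 0; deferred.length = 0; },
  };
}

// Adapter over document.cookie for use in a real page.
function browserJar() {
  return {
    get(name) {
      const hit = document.cookie.split("; ").find((c) => c.startsWith(name + "="));
      return hit ? decodeURIComponent(hit.slice(name.length + 1)) : undefined;
    },
    set(name, value) {
      document.cookie = `${name}=${encodeURIComponent(value)}; Path=/; Max-Age=31536000; SameSite=Lax`;
    },
  };
}

// Constructed in-memory jar, for running the gate outside a browser.
function memoryJar() {
  const m = new Map();
  return { get: (n) => m.get(n), set: (n, v) => m.set(n, v), names: () => [...m.keys()] };
}
```

In a page, the analytics snippet would be wrapped in `gate.whenConsented(...)` and the server must apply the same rule to any cookies it sets in response headers, since this gate only controls cookies written by script.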