Originally published in South East Business Magazine, May 2012.

You may recall there was uproar when the "Cookies Directive" was introduced last year. The Information Commissioner's Office (ICO), however, took a relaxed view and allowed businesses one year's grace to implement changes. The bad news is the grace period ends on 25 May 2012.

If your website is accessed by European users, you will have to comply with the new rules regardless of where your business is located. You have two key obligations: (i) inform users that you are using cookies and their purpose; and, (ii) obtain users' informed consent to store cookies on their hardware - you must obtain that consent before the cookie is set or soon after the user has accessed your website.

Those looking for an exemption are advised that these are limited: for example, cookies used to facilitate secure online banking are exempt. The ICO has stated it will take a dim view of those who ignore the new rules and may fine businesses for non-compliance.

There are a number of simple steps you can take to keep within the law. These include:

  • Talking to your web designer about adapting your log-in page or adding headers, footers or pop-up boxes. Users only need to provide informed consent once so consider a tick-box.
  • Ensuring that your website carries a prominent notice about cookies and their use, and refers users to a section of your website that tells them about the way cookies operate and the types used.
  • Updating both your privacy policy and website terms of use to include information about cookies.
  • Reviewing and implementing the guidance from the ICO and the businesses' organisation, the International Chambers of Commerce.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.