blog.wsiwebbasedmarketing.co.uk

Sometimes the incompetence of government and EU bureaucrats makes you want to weep, well quite a lot actually.  The implementation and advice offered to us as web site owners and designers has been frankly unbelievable.

JUST 24 HOURS before the law came into effect on the 26th May the UK’s ICO (Information Commissioners Office) released new guidelines, UNBELIEVABLE.  This is after a one year grace period to allow the web designer community time to look at its options.

So much has been written about this that I don’t want to add to the tsunami of comments but in essence the ICO has said VERY VAGUELY that it doesn’t consider a cookie dropped onto your device from Google Analytics as intrusive whereas previously it was.  Also they are suggesting that “implied consent” is reasonable.  This is a huge change which seems to pass responsibility to the user not the web site operator. There’s a good article in the Guardian that’s worth a look if you’re interested in the detail.

So do you need a cookie notifier on your site?

The short answer is yes. Although the law has been diluted it’s just opinion from the ICO, you will still be in contravention of EU law without this as it clearly states an opt in policy includes cookies from analytics packages.

In reality it’s a tough call and one that’s down to the individual web site owners.

What you MUST do is add a cookie paragraph into your privacy policy, see our Privacy Policy here.  You should also get a cookie audit done on your web site or Blog so you can list the cookies you use in your privacy policy.

I’ve seen many implementations of a cookie opt in system and haven’t liked any of them until now.  I’ve installed a simple system onto my own blog which you might have seen. It’s not intrusive and does not stop you using the site if you can’t be bothered to click on the button. If you’d like to have this installed on your site please drop me an email at alan.tomkins@wsiwbm.co.uk  It costs a £50 onetime charge to install and removes any worries about getting caught by the EU bureaucrats .

A number of my customers have asked me to explain the new UK and EU cookie laws in laymen’s terms so here’s my best shot. I’ve also included a short list of actions you might want to consider taking to protect your business that won’t cost a great deal to implement.

Firstly, and most importantly, you need an understanding of what a cookie is in Internet terms. In essence it’s a small text  file that a web site downloads to your computer when you go onto and surf through the site. The cookie goes into a cookie folder on your computer. If you have a look at this folder now you’ll be surprised at how many of these you already have on your system.

To get a view on how useful they are you can delete ALL your cookies (under options in your browser) and see the effect on your browsing. You will need all your usernames handy as when you ask a site to remember you it does so with a cookie.

So why have the bureaucrats decided they are harmful? Here’s the problem, most cookies are harmless and are designed to make our lives easier. For example if you are on a shopping site and are halfway through a purchase and a friend comes to the door, it’s likely that while you’re chatting your shopping cart session will time out. This means that when you get back to your computer you have to start again. If that site uses a cookie to tell your computer where you were in that process then when you log back into your secure account the shopping process will take you back to where you left off. Pretty useful?

Another very common use of cookies is in website analytics that use on page scripts. These include Google, Yahoo, Omniture, WebTrends, and many more. These products track your use of the web site but do not store any personal information. Their sole purpose is to allow us geeks to look at how you as users are interacting with our site and use the information to improve the site and therefore make it easier to do business with us. Overall a good use of cookies.

There are a few more common uses like your CMS, forms, and others, but let’s skip to the bad stuff.

Have you ever been online and shown an interest in something, perhaps looked at several products doing research, or started to make a purchase and decided against it? Then as you are surfing about later advertisements appear for exactly the products you are interested in, even days or weeks later? Coincidence, of course not! This is done using tracking cookies and these are the main perpetrators the new laws are trying to stop.

The legislations goal is well intended but the problem is a difficult one to address so they chose a sledgehammer to crack this particular nut making useful cookies into demons and therefore penalising everyone for the sake of a few.

Ironically if you look at the ICO website there is no “Reject” option. You can only “agree” to have cookies used so what’s the point? We are all going to click on agree if only to get rid of the stupid box or because we have no idea what a cookie is. It’s all a bit poorly thought through.

So what should you do?  DON’T PANIC! Firstly you have until April 2012. But here are 3 actions you should do as soon as you can:

1. Get your web designer to list or audit all the cookies your site uses and list them in your privacy policy like the ICO have done. 
2. Consider which of these cookies are no threat to privacy and which are an intrusive threat to privacy. You will need a policy if you have cookies at the latter end of the scale.
3. Read a copy of the ICO guidelines

The ICO are currently working with browser developers to see if functionality can be added to address this issue here. No action will be taken against any web sites until this route is complete.

If a complaint is received against your business you will need to show what you are doing to adhere to these new laws. Go back to points 1 to 3.

I would advise that all companies carry out points 1 to 3 at this stage but wait for a few months or so and see how the browser developers react. You should also find out what developers for your web sites platform (WordPress, Adobe, DotNetNuke, etc.) are doing. There are already low cost plugins for WordPress addressing this issue.

The penalty for breaking the Privacy and Electronic Communications Regulations is a fine of up to £500,000. These regulations also apply to unwanted email marketing, live and automated phone calls and texts.

This legislation is there to stop the bad guys. If you are adhering to ecommerce and distant marketing best practices you have nothing to be concerned about.

This has to be one of the most poorly thought out pieces of legislation ever to come out of Brussels, and that’s a tall order.

The information commissioners web site is now live with a cookie opt in message. Even if you can understand what it means the way the message is phrased leaves you with little option but to opt in after reading this line “You may delete and block all cookies from this site, but parts of the site will not work”

To say the cookies opt in box is ugly would be kind but it’s not the aesthetics that are a concern. The law has been implemented to stop companies tracking your browsing habits and therefore gathering information about your interests and browsing habits. This is a worthy ambition but without cookies  web site ecommerce checkout functionality, most analytics tools and many if not all content management systems are unable to work.

Ironically the way the ICO site knows you’ve ticked the box allowing cookies is with a cookie. If you don’t tick the box it appears on every web page making your user experience poorer for it being there. Nag messages were the scourge of the internet 10-15 years ago, is this really progress?

You can see the announcement about the planned changes on the ICO website here.

We all have until April 2012 to comply with this legislation. I am sure the bulk of the internet community is hoping there will be some changes before then but I’d be surprised, Brussels aren’t known for speed of action or backtracking, but we live in hope.