The EU’s Half-Baked Cookie Law Goes into Effect Tomorrow for the UK
Well, the European Union, it seems.
Tomorrow marks the day when websites based in the UK are “technically” supposed to be compliant with the new Privacy and Electronic Communication Regulations (in order to be in line with the EU’s e-Privacy Directive).
Although commonly referred to as the “cookie law,” the regulation reaches beyond web cookies and is meant to increase transparency about user tracking. In short, the law requires website owners to get permission to track the activity of users on their site unless the tracking is vital to the operation of the site, as would be the case for keeping items in a shopping cart, for example. In circumstances such as these, consent may be implied. (More on this distinction later.)
Why is D-Day Only “Technically” Tomorrow?
So, why did I say tomorrow “technically” marks the day for compliance? Well, except in some egregious cases where complaints are received, or perhaps for a handful of the larger players, it looks as if this cookie law may have no real byte. (Do you really want to know how many puns I can squeeze into one sentence?)
According to an article on ZDNet UK, deputy information commissioner David Smith from the Information Commissioner’s Office (ICO) said recently, “All we are doing is removing the moratorium, so that any non-compliance is considered as non-compliance. It’s most unlikely that cookie’s non-compliance will attract monetary penalties, unless you have reached criteria about a serious breach or have caused substantial distress.
“Enforcement is likely to be enforcement notice, which places a requirement on an organisation to stop using cookies.”
On top of this, according to a report by the BBC, it turns out that “the ‘majority’ of the UK government’s own websites will fail to comply in time.” Perhaps they’ve already got too much on their plates. (Sorry.)
How to Comply with the Cookie Law
Although it looks as if this law may have no real consequences for the time being, eventually there may come a day where its enforcement is taken more seriously. Technically, one could face up to £500,000 in fines. That’s a lot of dough for a few cookies. (Sorry again. I’ll stop.)
Of course there may also come a day when no one will ever remember the law was created.
The ICO has put out a PDF guide for compliance that is fairly straightforward and easy to digest. (Did you really think I’d stop?)
We’ll go over a few of the more important points from the PDF if you still have the appetite for it.
First is the idea behind the law itself:
(From the PDF)
a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment-
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR)
Your responsibilities as a website owner:
(From the PDF)
Those setting cookies must:
- tell people that the cookies are there,
- explain what the cookies are doing, and
- obtain their consent to store a cookie on their device.
Exceptions to the requirement:
(From the PDF)
There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is:
(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
And finally, some examples of “likely” exceptions and “unlikely” exceptions:
(From the PDF)
Of course some clever plugin developers have already cooked up some WordPress plugins that will try to help you gain consent from your visitors. I found a few, and no doubt there will be more.
1. Cookie Law Info Plugin – This adds a bar to the top of your site.
2. Cookie Warning Plugin – This presents your visitor with a pop up upon arrival.
No More Fun
OK, no more puns and no more fun. Now it’s time for you to go off and decide if you need to start complying with these new laws. For now, it seems that probably only those in the UK will have to look into all this a little more closely. But there may come a day when countries outside of Europe begin adopting similar laws.
It’s not fun — no. But it is becoming reality. It’s simply something website owners will have to deal with. And you know what they say: If you can’t stand the heat ….