Cookie Law FAQ
What are cookies?
Cookies are also known as browser cookies or tracking cookies and are small, often encrypted, text files located in browser directories. They are used to help users navigate a website efficiently and perform certain functions.
Some of the most common functions using cookies are:
- Logging into a website
- Buying goods online
- Personalised adverts
- Tracking data using Google Analytics
Why has the law been changed?
The law has been designed to protect the privacy of internet users – even when the information being collected about them is not directly personally identifiable. The changes are a response to increasing concern about online tracking and the use of spyware.
An example of this type of tracking is personalised advertising – where a retailer can use data about what you have looked at online to advertise related products to you when you are visiting a different website.
How does the law affect my website?
The new rules are not designed to restrict cookies as such, they are intended to prevent cookies being used to store information on people’s computers and recognising them via the device they are using, without their knowledge and agreement.
Using cookies is therefore not prohibited by the new regulations, but they do require that people are told about cookies and given the choice as to which of their online activities are monitored.
All websites are now required to offer users the chance to opt out of cookies. This is what the legislation states:
“a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment-
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR)”
(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
This means that e-commerce websites will be able to carry on using cookies for transactions without consent. Other cookies that are likely to be exempt from the legislation include security cookies (e.g online banking) and cookies that speed up loading of data.
Shortly after the new legislation was announced, the regulations were amended to allow ‘implied consent’ for other cookies, such as first and third party advertising cookies, cookies used to recognise a user when they return to a site (in order to display personalised information) and analytical data cookies, e.g Google Analytics.
What do I need to do next?
You will be required to display a message on your site asking users if they wish to opt-out of cookies. The message must:
tell people that the cookies are there,
explain what the cookies are doing, and
obtain their consent to store a cookie on their device
What happens if a user opts out of cookies?
Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent users from using certain parts of a website. This is why e-commerce sites and websites requiring a log-in are exempt from the regulations.
It is crucial that any opt-out message you decide to display will make users aware that cookies could affect how they use your website in a negative way. You may also need to be prepared to deal with some additional customer enquiries from users that have opted out of cookies and are now finding it difficult to use your website. Please note that users can re-enable cookies by changing their browser settings.
It is possible that Google Analytics tracking data could be affected by users opting out of cookies, and visits may appear artificially low. We anticipate that Google will work to resolve this and the eMarketing team will inform users of any long term changes to Google Analytics policy.