Wednesday, 25 April 2012
Return of the cookies monster
If your website is accessed by European users, you will have to comply with the new rules regardless of where your business is located. You have two key obligations: (i) inform users that you are using cookies and their purpose; and, (ii) obtain users’ informed consent to store cookies on their hardware - you must obtain that consent before the cookie is set or soon after the user has accessed your website.
Those looking for an exemption are advised these are limited: for example, cookies used to facilitate secure online banking are exempt. The ICO has stated it will take a dim view of those that ignore the new rules and may fine businesses for non-compliance.
There are a number of simple steps you can take to keep within the law. These include:
Talking to your web designer about adapting your log-in page or adding headers, footers or pop-up boxes. Users only need to provide informed consent once so consider a tick-box.
Ensuring that your website carries a prominent notice about cookies and their use and refer users to a section of your website that tells them about the way cookies operate and the types used.
Reviewing and implementing the guidance from the ICO and the businesses’ organisation, the International Chambers of Commerce.
If you would like any further advice, please contact Frank Jennings or John Yates.
This article was first published in South East Business Magazine, May 2012.