In his recent half-term update, Christopher Graham, the Crown-appointed Information Commissioner, stated that UK businesses "must try harder" to comply with EU cookie regulations.
If you're unfamiliar with these directives, they can be summed up in this one statement from the Information Commissioner's Office (ICO):
"The Regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store cookies on users’ computers."
Protecting the privacy of web visitors is the key aim of the legislation, and despite my personal reservations about its suggested implementation, I agree that we need greater transparency of how visitor tracking is handled.
Being compliant
Within the ICO's guidance document they advise that businesses follow these three starting steps:
3: Decide what consent is required for your cookies and begin designing a solution
Christopher Graham appears to be very pragmatic. He wants to see organisations moving towards compliance rather than achieving it overnight. Reading between the lines in his article, if your organisation were to be investigated, evidence that you understand the rulings, know what cookies you're dropping and have plans to put a consent solution in place will be enough (for now)!
Conclusion
There is no need to panic and turn off all your cookies.
Whilst the guidance is strict, it is being enforced sensibly by the ICO. They're unlikely to come banging on businesses' doors yet with fines unless there are reports of serious violations. Even then, if you can prove that you're doing something about it, you're unlikely to be whacked with one of the £500,000 fines.
Start with a simple audit of your website's cookies. Ensure that you understand why they're used and what for. Also read and discuss the ICO's guidance document (http://www.ico.gov.uk/news/latest_news/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx) with your web team. Work out what solutions would work for you and how major the technical challenges will be.
Further reading:
http://www.ico.gov.uk/news/latest_news/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx
http://econsultancy.com/uk/blog/8515-cookies-compliance-my-take-on-latest-guidance-from-ico
http://www.ico.gov.uk/news/blog/2011/half-term-report-on-cookies-compliance.aspx
http://www.ico.gov.uk/news/latest_news/2011/must-try-harder-on-cookies-compliance-says-ico-13122011.aspx
Photo by edwardkimuk