Many businesses that I talk to are raising concerns about the changes to the European Directive of 2002 and how the new European e-Privacy directive which came into force on 25th May about the use of internet "cookies" and the knock on effect to their businesses.
So, what is it all about?
Cookies are text files that are widely used to help users navigate faster around sites they visit regularly. To comply with the current UK law on the use of cookies you should:
- include a link to your privacy policy on all pages;
- explain in that policy how and why you use cookies; and
- include a link in your policy to www.aboutcookies.org so that your visitors can access instructions on deleting and controlling cookies.
The new European e-Privacy Directive however, demands that "explicit consent" must be gathered from web users who are being tracked by the use of "cookies". The main thrust of the changes seem to be designed to prevent consumer focused websites using third party cookies to drive behavioural based advertising, however, all websites are being impacted by this directive.
Compliance with the new directive is likely to see many more pop-up windows and dialogue boxes asking the user to let sites gather data. This raises concerns for businesses who believe users will be confused by the changes; their user experience will be adversely affected and may lead to a reduction in website traffic and even a loss in business.
The Department for Culture, Media and Sport (DCMS) are drawing up details of the exact steps businesses have to go through to comply with the law to gain consent from customers and users, however, the technical solution is not likely to be available by May 25th.
Ed Vaizey, Minister for Culture, Communications and the Creative Industries said he recognised the delay "would cause uncertainty for businesses and consumers" and added "we do not expect the Information Commissioner's Office (ICO) to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies".
Businesses do, however, need to start considering how they will communicate with customers to get consent and look at the technical steps that might make that process easier. Gathering consent by changing settings on browsers may not be sophisticated enough for the demands of the directive.
In a recent article by Outlaw.com entitled "Cookie Laws", they recommend following the view advocated by the IAB Europe which suggestsp>
quot;there may be no changes made to their websites, which will continue to rely on browser settings. There will be a risk of enforcement action, but that is a risk that many businesses will consider worth taking on the basis that compliance will compromise the user experience on their websites, and non-compliance, at least in their view, is unlikely to cause actual harm to website visitors.p>
In our view the approach advocated by IAB Europe is good for businesses and also for consumers. It prevents consumers being presented with potentially confusing information and it avoids an obstacle to website usability. However, it is also unlikely to comply with the new Directive.p>
Following the approach of the Article 29 Working Party is safer, in our view. That will likely necessitate 'landing pages' that give users information about the website's use of cookies."
There is no doubt about it this issue is causing confusion for business. In the short term the advice offered by the IAB appears to be a pragmatic solution for businesses until the work on regulations by the DCMS is complete.
However, whilst technically all businesses must comply with the law the UK has said that it needs more time to find a workable solution. To this end the Information Commissioner's Office (ICO) is offering one years grace to UK online businesses. This will provide the working group formed by the government the opportunity to find a "business friendly" solution to the problem.