What is a “Cookie”?
A cookie is a small text file, normally just comprising of a few letters and numbers, downloaded onto a user’s computer or device when they’re browsing a website. These cookies are sent back to the originating website on each subsequent visit and can help websites personalise the experience for visitors, such as keeping them logged-in or saving their preferences.
For example, the BBC Weather website allows visitors to save their desired location (e.g. Southend-on-Sea, Essex) and show them the weather forecast in this area on each subsequent visit. This happens because the BBC website has saved a cookie on the visitor’s device, then loads this cookie again whenever the visitor returns to personalise their experience.
Cookies are also often used by website owners for analytics purposes, such as reporting how many times a visitor has returned to the website and what pages they’ve visited.
Common Sense approach to the EU Cookie Law
A more common sense approach, however, has been adopted by many high-profile websites, who now add a more discreet notice to their pages. For example, Marks & Spencer simply add a small “cookie” link in the footer of their website. The electrical retailer Currys follow the same principal.
A slightly more visible approach is used by Thomas Cook on their website, who have put the link at the top of their page, whilst Expedia (see below) have also chosen to include a simple link in the website’s header, but with an icon beside it.
Other websites have used a banner approach, which either loads at the top or bottom of the screen, which seems to the most cautious method.
You can see a great list of examples of what various other big names have implemented on their own websites by seeing Econsultancy’s EU cookie law report.
Advice from the Information Commissioner’s Office on analytics cookies:
Lots of websites use visitor tracking services, e.g. from Google Analytics or StatCounter. What do the regulations mean for these types of cookies?
It’s well worth reading the advice given by the Information Commissioner’s Office (ICO), who are the body enforcing these regulations in the UK. The last update (at the time of writing this blog) was published in 2012.
The ICO say:
The approach used by Marks & Spencer, Currys, Thomas Cook and Expedia, in our examples above, appears to be acceptable.
Pop-ups or similar techniques such as message bars or header bars might initially seem an easy option to achieve compliance… but it’s also one which might well spoil the experience of using a website if not implemented carefully.
The ICO adds:
In practice we would expect you to provide clear information to users about analytical cookies and take what steps you can to seek their agreement. This is likely to involve making the argument to show users why these cookies are useful. Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.
The advice we’re giving to our own clients…
Firstly, we must make this very clear – Primary Image Ltd is not qualified to offer any legal advice!
We did, however, listen to a talk by one of UK’s leading digital solicitors – Peter Wright – at the recent WordCamp Sheffield conference and he gave some useful advice on what the EU Cookie Law means today. (Out of interest, you can see Peter’s slides that’s he uploaded, which mainly cover social media law, but unfortunately you won’t hear his very interesting commentary to some of these cases!). His view was that obtrusive cookie banners are not the only option for website owners.
For our clients at Primary Image, we have provided a sample template as a guide, however we strongly recommend website owners take their own professional legal advice. We’re currently offering two different options to our clients, which are:
In summary, the EU e-Privacy Directive isn’t as scary as some people make out and you don’t need to let it take over your website. Have a look at what some of the largest UK brands are doing with their websites. Most likely, they will have consulted their top legal advisers to find a solution that they believe is compliant and the best for their visitors, so doing something similar could be suitable for your website!
I came across this cookie banner on lingscars.com, which is a highly amusing website! The lady behind this company appeared on the BBC’s Dragons’ Den programme a few years ago and she’s certainly a character!
Mike founded Primary Image in 2010. He specialises in the WordPress website platform and speaks regularly at national web design conferences. Mike became a member (MCIPR) of the Chartered Institute of Public Relations in 2015.
Interesting article which raises a couple of questions:
1. How do I find out what cookies my website has?
2. Where do I find out what they do?
3. Who sets them?
4. How do I find out how long they’re on there for?
I’ve been on the ICO website. They have a popup which lists what cookies they have and what their function is (informative) but they don’t say where to get this information from.
Can you advise, please?
Hi Shan – if you use the Chrome browser, you can install an extension called the “Cookie Audit Tool’ which allows you to see what cookies are being served. There’s also this online tool which allows you to check your home page for free (amongst others if you search for something like “cookie audit”) – http://www.onlinecookieaudit.com – and that will answer 1 / 3 / 4. In terms of what a specific cookie does, some of these online services will help classify their purpose, but by looking at the cookie names you can normally work out what they do. Mike
You can also use http://www.cookiebot.com – they have a cookie-scanner at their front page.