What to do about the new EU cookie law | Heart Internet Blog – Focusing on all aspects of the web

We’ve had a lot of enquiries from customers asking how the new EU cookie law affects their websites and what they have to do to comply. We’ve written a quick guide on what the EU cookie law is and what (if anything) you need to do.

What is this EU cookie law I keep hearing about?

Last May a law was passed stating that every website that drops non-essential cookies on visitors’ devices must declare this publicly and ensure that visitors acknowledge and agree to those cookies in order to continue browsing the website. If you/your business resides within the EU, you have until the 26th May 2012 to implement your solution on your website(s). The most important thing to know is that if your website doesn’t comply with the new law, you can potentially be fined up to £500,000.

Not sure what a cookie is? Take a look at this Wikipedia article to find out more.

Is the law associated with me or the location of my web host?

The law is linked to you/your business, so even if you have a .com website with an American audience, you still need to comply with regulations if you/your business is based within the EU. The law applies to all domain name extensions regardless of their association with a particular country or region.

My website is a personal site, do I still need to comply?

Even if your website is non-commercial, you should still comply with the EU cookie law if you drop non-essential cookies.

Where can I find out more about the law and how websites are implementing it?

• ICC’s UK Cookie Guide
• SilkTide’s great guide to the cookie law
• AboutCookies.org’s information on the new law
• MyCustomer.com’s The final countdown: Four tips to comply with the EU cookie law in time
• Econsultancy’s EU cookie law – three approaches to compliance
• Econsultancy’s solution to EU e-privacy directive compliance

What are the exceptions to the new law?

Pretty much every site drops cookies of some description. If you have Google Analytics installed, your website drops cookies. If you have any affiliate links or use Google Adsense or any other advertising networks, your website drops cookies.

The law only applies to ‘non-essential’ cookies that aren’t required for your website to function. So, for example, if you run an online store and cookies are used so your customers can add products to their basket and checkout, you don’t need to conform to the new EU cookie law regulations. However, if you track visitors via a tool like Google Analytics as well, you will need to explicitly tell your visitors that cookies are in use on your site.

Some of the likely exceptions to cookie compliance are provided below:

Taken from ICO’s Guidance on the New Cookies Regulations PDF.

So, what steps do I need to take for my websites?

There’s no single way to comply, and the guidelines provided are quite vague, which has caused a lot of confusion and difficulty for website owners who want to comply but are unsure what to do. Because there are so many types of websites using unlimited combinations of cookies, there’s no one-size-fits-all solution. It all comes down to what kind of website you have and what cookies are in place.

It’s not enough to simply update your privacy policy or terms and conditions. A user must explicitly accept cookies in order for you to legally use non-essential cookies on your website.

1. Check the cookies in use on your website

If you aren’t sure about the cookies you use on your website, check out the detailed information provided in ICO’s PDF or use one of the many third party tools available, such as:

• Attacat’s Cookie Audit Tool
• CookieLaw.org’s Cookie Audit
• CookieCert
• EU Cookie Directive WordPress Plugin (shows the cookies in use within the admin panel).

Please be aware that you should check every page of your website and that not all third party tools are completely accurate.
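As a cross-check on those tools, the sketch below (an added example, not taken from any of the tools listed) merges the `Set-Cookie` headers and the `document.cookie` snapshot recorded for each page and lists every cookie that is not on your own allowlist of essential cookies. The allowlist, page URLs and cookie values are constructed for illustration.

```javascript
// Constructed allowlist: cookies this hypothetical shop needs in order to function.
const ESSENTIAL = new Set(['PHPSESSID', 'basket']);

// Cookie name from a "name=value" pair (the whole token if there is no "=").
const nameOf = (pair) => {
  const eq = pair.indexOf('=');
  return (eq === -1 ? pair : pair.slice(0, eq)).trim();
};

// Parse one Set-Cookie header value: name plus whether it outlives the session.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';');
  const persistent = attrs.some((a) => /^\s*(expires|max-age)\s*=/i.test(a));
  return { name: nameOf(pair), persistent };
}

// Names in a document.cookie snapshot; cookies set by script only show up here.
function namesFromSnapshot(snapshot) {
  return snapshot.split(';').map(nameOf).filter(Boolean);
}

// Merge both sources across every page; return the cookies not on the allowlist.
function auditCookies(pages) {
  const seen = new Map();
  const record = (name, url, source, persistent) => {
    const e = seen.get(name) || { name, pages: [], sources: [], persistent: null };
    if (!e.pages.includes(url)) e.pages.push(url);
    if (!e.sources.includes(source)) e.sources.push(source);
    if (persistent !== null) e.persistent = persistent;
    seen.set(name, e);
  };
  for (const page of pages) {
    for (const header of page.setCookie) {
      const c = parseSetCookie(header);
      record(c.name, page.url, 'header', c.persistent);
    }
    for (const n of namesFromSnapshot(page.documentCookie)) record(n, page.url, 'script-visible', null);
  }
  return [...seen.values()].filter((c) => !ESSENTIAL.has(c.name))
    .sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Constructed sample input: two pages of a hypothetical shop.
const SAMPLE_PAGES = [
  { url: '/', setCookie: ['PHPSESSID=abc123; Path=/; HttpOnly'],
    documentCookie: '__utma=1.2.3; __utmz=1.2.3' },
  { url: '/checkout', setCookie: ['basket=42; Path=/', 'promo=spring; Max-Age=2592000; Path=/'],
    documentCookie: 'basket=42; promo=spring; __utma=1.2.3' },
];
```

Calling `auditCookies(SAMPLE_PAGES)` reports the analytics cookies, which only appear in the script-visible snapshot, and `promo`, which is set on the checkout page alone; auditing just the home page's headers would miss all three.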

2. Implement a solution

There are plenty of solutions on offer; we’ve done the work for you and found several easy-to-use free solutions:

Cookie Policy:

Cookie Control:

On visiting a website, the box appears in the bottom left or right of your website, asking you to accept the use of cookies.

Once you’ve accepted, the box disappears and the triangle turns green.

EU Cookie Directive WordPress Plugin:

Once you activate the plugin, this customisable message appears at the top of your website.

In your dashboard, you can see and even add comments to your site’s cookies.

CookieQ’s Cookie Consent Button:

Whether you implement one of these solutions or opt for another one entirely, the message should appear on every page of your website. If you have a static website that isn’t run on a template or CMS, you may want to look into adding it via a PHP include.
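If you write your own notice instead, the logic that matters is that non-essential scripts stay switched off until the visitor has explicitly accepted. The sketch below is an added example, not code from any of the tools above; the cookie name `cookie_consent`, the banner wording and the `loadNonEssential` callback are hypothetical.

```javascript
// Hypothetical consent cookie name; not used by any of the tools listed above.
const CONSENT_COOKIE = 'cookie_consent';
const ONE_YEAR = 365 * 24 * 60 * 60; // seconds

// Read one cookie value from a document.cookie-style string; null if absent.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Default deny: only an explicit "accepted" value unlocks non-essential cookies.
function planForPage(cookieString) {
  const accepted = readCookie(cookieString, CONSENT_COOKIE) === 'accepted';
  return { showBanner: !accepted, loadNonEssential: accepted };
}

// Cookie written when the visitor clicks the accept button.
function consentCookieString() {
  return `${CONSENT_COOKIE}=accepted; Max-Age=${ONE_YEAR}; Path=/; SameSite=Lax`;
}

// Browser wiring, to be included on every page. loadNonEssential is supplied by
// the site and is the only place analytics or advertising scripts get added.
function initConsent(doc, loadNonEssential) {
  const plan = planForPage(doc.cookie);
  if (plan.loadNonEssential) return loadNonEssential();
  const banner = doc.createElement('div');
  banner.textContent = 'This site would like to use cookies for analytics. ';
  const button = doc.createElement('button');
  button.textContent = 'Accept cookies';
  button.addEventListener('click', () => {
    doc.cookie = consentCookieString();
    banner.remove();
    loadNonEssential();
  });
  banner.appendChild(button);
  doc.body.appendChild(banner);
}
```

On a real page this would be called as `initConsent(document, loadAnalytics)`, with the analytics snippet moved out of the page template and into `loadAnalytics`.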

In addition to these methods, you may also want to update your privacy policy and/or terms and conditions. Tint Network has an easy to read privacy and cookies policy which they are happy for people to use as a template.

Cookie Monster image courtesy of Bacteriano on Flickr
