We’ve had a lot of enquiries from customers asking how the new EU cookie law affects their websites and what they have to do to comply. We’ve written a quick guide on what the EU cookie law is and what (if anything) you need to do.
What is this EU cookie law I keep hearing about?
Last May a law was passed stating that all websites dropping non-essential cookies on visitors’ devices have to declare it publicly and ensure visitors acknowledge and agree to them to continue browsing the website. If you or your business resides within the EU, you have until the 26th May 2012 to implement your solution on your website(s). The most important thing to know is that if your website doesn’t comply with the new law, you can potentially be fined up to £500,000.
Not sure what a cookie is? Take a look at this Wikipedia article to find out more.
Is the law associated with me or the location of my web host?
The law is linked to you/your business, so even if you have a .com website with an American audience, you still need to comply with regulations if you/your business is based within the EU. The law applies to all domain name extensions regardless of their association with a particular country or region.
My website is a personal site, do I still need to comply?
Even if your website is non-commercial, you should still comply with the EU cookie law if you drop non-essential cookies.
Where can I find out more about the law and how websites are implementing it?
• AboutCookies.org’s information on the new law
What are the exceptions to the new law?
Pretty much every site drops cookies of some description. If you have Google Analytics installed, your website drops cookies. If you have any affiliate links or use Google Adsense or any other advertising networks, your website drops cookies.
The law only applies to ‘non-essential’ cookies that aren’t required for your website to function. So, for example, if you run an online store and cookies are used so your customers can add products to their basket and checkout, you don’t need to conform to the new EU cookie law regulations. However, if you track visitors via a tool like Google Analytics as well, you will need to explicitly tell your visitors that cookies are in use on your site.
Some of the likely exceptions to cookie compliance are provided below:
Taken from ICO’s Guidance on the New Cookies Regulations PDF.
So, what steps do I need to take for my websites?
There’s no single way to comply, and the guidelines provided are quite vague, which causes a lot of confusion and difficulty for website owners who want to comply but are unsure what to do. Because there are so many types of websites using unlimited combinations of cookies, there’s no one-size-fits-all solution. It all comes down to what kind of website you have and what cookies are in place.
1. Check the cookies in use on your website
If you aren’t sure about the cookies you use on your website, check out the detailed information provided in ICO’s PDF or use one of the many third-party tools available, such as:
• Attacat’s Cookie Audit Tool
• EU Cookie Directive WordPress Plugin (shows the cookies in use within the admin panel).
Please be aware that you should check every page of your website and that not all third-party tools are completely accurate.
2. Implement a solution
There are plenty of solutions on offer; we’ve done the work for you and found several easy-to-use free solutions:
Once you’ve accepted, the box disappears and the triangle turns green.
EU Cookie Directive WordPress Plugin:
Once you activate the plugin, this customisable message appears at the top of your website.
In your dashboard, you can see and even add comments to your site’s cookies.
CookieQ’s Cookie Consent Button:
Whether you implement one of these solutions or opt for another one entirely, the message should appear on every page of your website. If you have a static website that isn’t run on a template or CMS, you may want to look into adding it via a PHP include.
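As an added example (not code from this guide or from any of the tools named above), the script below ties the two steps together: it sorts the cookies seen on a page into essential and non-essential, and reports whether the message still needs to be shown and whether any non-essential cookie was set before the visitor agreed. The essential names, the `cookie_consent` marker and the sample cookie strings are constructed assumptions; `__utma` and `__utmz` are Google Analytics cookies.

```javascript
// Assumptions: adjust both to your own site.
const ESSENTIAL = new Set(["PHPSESSID", "basket"]); // needed for basket and checkout
const CONSENT_COOKIE = "cookie_consent";            // hypothetical consent marker

// Parse a document.cookie (or Cookie header) string into a Map of name -> value.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    if (eq < 1) continue; // skip empty or nameless fragments
    jar.set(pair.slice(0, eq), pair.slice(eq + 1));
  }
  return jar;
}

// Sort the cookies seen on one page and report the visitor's consent state.
function auditPage(cookieString) {
  const jar = parseCookies(cookieString);
  const consented = jar.get(CONSENT_COOKIE) === "yes";
  const essential = [];
  const nonEssential = [];
  for (const name of jar.keys()) {
    if (name === CONSENT_COOKIE) continue; // only records the visitor's choice
    (ESSENTIAL.has(name) ? essential : nonEssential).push(name);
  }
  return {
    essential,
    nonEssential,
    consented,
    showBanner: !consented, // show the message on every page until accepted
    // Non-essential cookies already present without agreement: load the
    // analytics or advertising script only after the visitor accepts.
    setBeforeConsent: consented ? [] : nonEssential,
  };
}

// Constructed sample: cookie strings as seen on three pages of one site.
const samples = {
  checkout: "PHPSESSID=abc123; basket=2",
  blogFirstVisit: "PHPSESSID=abc123; __utma=1.2.3; __utmz=1.4",
  blogAfterAccept: "PHPSESSID=abc123; cookie_consent=yes; __utma=1.2.3",
};
for (const [page, cookies] of Object.entries(samples)) {
  console.log(page, auditPage(cookies));
}
```

Run it with Node, or paste the two functions into the browser console and call `auditPage(document.cookie)` on each page; cookies flagged `HttpOnly` are not visible to `document.cookie`, so check those in the browser's developer tools.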
Cookie Monster image courtesy of Bacteriano on Flickr