The EU Cookie Law - An Overview

Like me, I am sure you have heard a lot of talk recently about this new EU Cookie Law and, probably like me, when you first heard about it you added it to your 'To think about later' pile.

Unfortunately for all of us, we no longer have the luxury of thinking about it later: the law is upon us and we may need to act on it. The purpose of this micro-site is to inform and arm you so that you can firstly decide whether you need to do something, and secondly act on it easily.

What is the EU Cookie Law

Essentially, the EU Cookie Law is the EU e-Privacy Directive that is set to come into action on 26th May 2012. What it means is that you have to get your visitors' informed consent before placing a cookie on their machine. Here is a video explaining the EU Cookie Law and here is a link to the ICO website detailing the law.

What is a Cookie?

A cookie is a small text file that a website can store on your computer to help keep track of different things, like if you want to stay logged into a website, or your preferences within a website. You can read more about them on this HTTP cookie Wikipedia article.

What is the fuss?

Because cookies are just text files, they can be used to store pretty much anything the website author wants to store, which can cause many privacy concerns. Things like the Facebook 'like' button that can be used by Facebook to track people on websites other than Facebook have escalated the issue.

Is it just cookies?

No - The law also affects anything that acts like a cookie, for example:

  • Flash Cookies
  • HTML5 Local Storage

The ICO has said that it isn't good enough to just re-implement the tracking some other way outside of cookie storage.

The EU Cookie Law - Tooling Up

There are really two things you are going to need before getting your site ready for this law.

  1. To know what cookies you store
  2. To know what stored cookies fall within the remit of this law

What cookies does my website store?

Ideally your webmaster will know this information, but with so many people relying on third-party tools to make websites, it is my experience that you never really know what cookies your own site might be storing.

The best way I have found for finding out what is left behind is to clear all your cookies, then use your site: visit each page and complete each action. Once you have done this, view your cookie information. How you view this information will depend entirely on the web browser you are using; here are some of the more common ones.

Google Chrome

  1. Click on the spanner icon
  2. Click on 'settings'
  3. Click on 'Under the Hood'
  4. Click on 'Content Settings'
  5. Click on 'All Cookies and Site Data…'
  6. Browse to your URL and take a look

Firefox

  1. Click on 'Preferences'
  2. Click on 'Privacy'
  3. Click on 'remove individual cookies'
  4. Browse to your URL and take a look

What do I do with the cookies that I do store?

The first thing you should do is stop producing cookies for anything that you do not need. Over years of development a website could be leaving things all over the place, and if you have anything you can remove, you should.

You should classify any other cookies you have left appropriately, as this will determine whether you need to comply or not.

How should I classify my cookies?

You should classify your cookies into four categories:

  • Essential - Required for your website to function, for example to mark someone as being logged in.
  • Non-Essential but harmless - Not essential to core functionality but doesn't get used for tracking a user
  • Fairly Intrusive - Used to track people but do not provide personally identifiable information, for example Google's Analytics
  • Very Intrusive - Used to track people and provide personally identifiable information
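
One way to keep the inventory and classification described above, as an added example that is not part of the original article. It goes beyond the browser walkthrough by working from Set-Cookie response headers captured while using the site (which also shows cookies marked HttpOnly that page script cannot read) plus localStorage key names, and it flags anything not yet classified. All cookie names, storage keys and the classification map are constructed sample data.

```javascript
// Added example; sample data below is constructed, not taken from any real site.
const CATEGORIES = ['Essential', 'Non-Essential but harmless',
                    'Fairly Intrusive', 'Very Intrusive'];
// Parse one Set-Cookie header value into the fields the audit needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const rec = { kind: 'cookie', name: eq < 0 ? pair : pair.slice(0, eq),
                domain: null, persistent: false, httpOnly: false };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1);
    if (key === 'domain') rec.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'expires' || key === 'max-age') rec.persistent = true;
    else if (key === 'httponly') rec.httpOnly = true;
  }
  return rec;
}
// Merge cookies and localStorage keys, then attach the operator's category.
// Anything missing from `classification` is flagged rather than guessed.
function buildInventory(setCookieHeaders, storageKeys, classification) {
  const items = [...setCookieHeaders.map(parseSetCookie),
                 ...storageKeys.map(name => ({ kind: 'localStorage', name }))];
  const rows = new Map();
  for (const item of items) {
    const id = `${item.kind}:${item.name}`;
    const category = CATEGORIES.includes(classification[id])
      ? classification[id] : 'UNCLASSIFIED';
    if (!rows.has(id)) rows.set(id, { id, ...item, category });
  }
  return [...rows.values()];
}
const unclassified = rows => rows.filter(r => r.category === 'UNCLASSIFIED').map(r => r.id);
// Constructed sample: headers captured while clicking through a site.
const SAMPLE_HEADERS = [
  'session_id=abc123; Path=/; HttpOnly',
  'prefs_theme=dark; Max-Age=31536000; Path=/',
  'analytics_id=v1.42; Domain=.example.test; Expires=Wed, 01 Jan 2031 00:00:00 GMT',
  'widget_tmp=1; Path=/',
];
const SAMPLE_STORAGE_KEYS = ['visitor_uuid'];
const SAMPLE_CLASSIFICATION = {
  'cookie:session_id': 'Essential',
  'cookie:prefs_theme': 'Non-Essential but harmless',
  'cookie:analytics_id': 'Fairly Intrusive',
};
const report = buildInventory(SAMPLE_HEADERS, SAMPLE_STORAGE_KEYS, SAMPLE_CLASSIFICATION);
console.log('Needs classification:', unclassified(report));
```

Entries reported as UNCLASSIFIED are the ones a third-party tool has left behind without anyone deciding which of the four categories they belong to.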

What should I do with each type of cookie?

Once you have classified your cookies you will need to plan your next move based on what category they fell into.

One thing you will need to do for any and all cookies is provide some way for people to read about what you are doing. This is normally done as part of a privacy policy, which can be a lengthy document or, in the case of this site, a short paragraph at the bottom of the page. This policy should be as easy to read as possible.

Essential

You do not need to do anything with these; if they are required for the site to function then they fall outside the remit of this law.

Non-Essential but harmless

You should question why they are being used on your site and whether you can use some other technology to achieve the same result. Technically these fall within the remit of the EU Cookie Law, so you should allow people to opt out, although the ICO has now said that implied consent is allowed.

Fairly Intrusive

You should consider that these might start to land you in trouble if you do nothing. Make 100% sure you have documented their existence in a privacy policy, and consider following the actions for a Very Intrusive cookie.

 
