We are conducting business as usual – please see our COVID-19 statement here

The Way the Cookie Law Crumbles

Share on facebook
Share on twitter
Share on linkedin

Cookies have always been used since the dawn of website time to help improve the user experience. They also conveniently provide website owners with invaluable information pertaining to the users of their site. We’re not talking their home address or what their favourite pizza topping is, but information which can help to generate some more generalised statistics to aid in targeted advertising and to improve the functionality of the site.

Since the change in the law concerning the use of cookies, website owners have started to panic as threats of fines of £500,000 for non compliance began to circulate the web. But the panic is unnecessary as compliance can be easily achieved in one of two ways.

If you own a website which doesn’t deal with sensitive data then simply take one of the following two steps.

  1. Install a check box which appears on the screen which makes visitors aware that they are accessing a site which employs the use of cookies. In the box direct them to either check the box to approve or deny that they are aware of this and would like to continue. Alternatively you can:
  2. Install a box which can appear informing the user that this website enables cookies and that consent is implied if you continue to browse the site. (The assumption is made that if you are happy to browse knowing that cookies are used, that you are happy to allow cookies.)

Both of these options will show you have actively made your customers aware that your site uses cookies. It is also worth constructing a privacy policy page which further clarifies what the cookies you obtain are used for and how. Giving your customers/browsers peace of mind, will save you a lot of emailing in the long run.

However, if your website deals with sensitive data greater precautions would need to be taken. In order to clarify this we engaged the advice of Cloud & Commercial Lawyer, Frank Jennings from DMH Stallard LLP.

Frank advises that users who are browsing websites for research or social purposes are not at risk of their information being misused by website owners or leaving it at risk of being accessed by malicious of characters. Cookies can actually enhance the user experience in this instance.

However he does recommend that users need to be much more conservative about divulging their sensitive personal data, for example, when looking to diagnose a medical condition online or expressing a political or religious preference or even information about trade union membership. Website owners collecting and using this type of information together with cookies must obtain the user’s express consent to this and must keep the data secure.

In the event that users of your site are not happy to allow the use of cookies then the result is simple, direct them to their browser settings whereby they can specify what information may or may not be gleaned from the using of said web page. There are two issues with this, one for you and one for the user. The first is users who need to change their browser preferences will find the process time consuming and complicated and as a result their browser experience will suffer dramatically as a consequence. The second is that you as a website owner will not be able to target that customer further.

Are things a little clearer? Just remember…

  1. Give your users the option to opt in or out of allowing cookies.
  2. Explain in your privacy policy how the cookies and user information are used.
  3. If you are dealing with sensitive data then make sure you reassure your visitors that cookies are in place but certain levels of protection are implemented to ensure the security of this data.
  4. If you do this you won’t risk being stung with a nasty fine and you will be demonstrating to your users that you are adhering to the PECR Directive.

N.B. We are not legal specialists and as such would always recommend that you seek the advice of a qualified source such as Frank Jennings. Contact him at frank.jennings@dmhstallard.com and for more information about his new data security report visit http://www.dmhstallard.com/data_security

Speak with a SpecialistGet a User Experience Audit