Cookies have been used since the dawn of website time to help improve the user experience. They also conveniently provide website owners with invaluable information pertaining to the users of their site. We’re not talking about their home address or what their favourite pizza topping is, but information which can help to generate some more generalised statistics to aid in targeted advertising and to improve the functionality of the site.
If you own a website which doesn’t deal with sensitive data then simply take one of the following two steps.
- Install a box which can appear informing the user that this website enables cookies and that consent is implied if you continue to browse the site. (The assumption is made that if you are happy to browse knowing that cookies are used, that you are happy to allow cookies.)
However, if your website deals with sensitive data, greater precautions would need to be taken. In order to clarify this we engaged the advice of Cloud & Commercial Lawyer, Frank Jennings from DMH Stallard LLP.
Frank advises that users who are browsing websites for research or social purposes are not at risk of their information being misused by website owners or accessed by malicious characters. Cookies can actually enhance the user experience in this instance.
However, he does recommend that users be much more conservative about divulging their sensitive personal data, for example, when looking to diagnose a medical condition online, expressing a political or religious preference, or even giving information about trade union membership. Website owners collecting and using this type of information together with cookies must obtain the user’s express consent to this and must keep the data secure.
Are things a little clearer? Just remember…
- Give your users the option to opt in or out of allowing cookies.
- If you are dealing with sensitive data then make sure you reassure your visitors that cookies are in place but certain levels of protection are implemented to ensure the security of this data.
- If you do this you won’t risk being stung with a nasty fine and you will be demonstrating to your users that you are adhering to the PECR Directive.
N.B. We are not legal specialists and as such would always recommend that you seek the advice of a qualified source such as Frank Jennings. Contact him at email@example.com and for more information about his new data security report visit http://www.dmhstallard.com/data_security