New EU Regulations on Cookies, What Do They Mean for Your Site?

On the 08th March 2011 the UK Information Commissioner, Christopher Graham, announced that businesses and organisations must “wake up” to the fact that soon to be implemented EU legislation means they will have to gain consent from users to access or store information on a users computer. The most common method of doing this is through the use of cookies. Not the tasty, crumbly ones that many of you may well have given up for Lent but rather the small files stored on your computer by a website that you visit. The file may store information about your user preferences, or payment details to help make subsequent visits a smoother experience.

The concern is that they can also be used to track a users activities and that a website users may not actually realise that cookies are being installed on their machine or what their purpose would be. Many internet users do not even know if they have cookies enabled or disabled. I bet at least one person who reads this thinks “I can enable or disable cookies?”. Don’t worry if you are that person, you are not alone.

What kind of sites use cookies, pretty much any e-commerce site will use them as do many content management systems. The vast majority are harmless, but there are also some malicious ones out there, these are known as “zombie cookies”. Though not actually a virus they cannot be deleted permanently from your system as each time you do a new version of the cookie is recreated by a separately stored script.

On the 25th May the EU’s Privacy and Electronics Communications Directive will come into force. This will require UK businesses and other organisations to obtain explicit consent from their website visitors before they can store and retrieve usage information from the visitors computer.

In the UK the implementation of the Privacy and Electronics Communications Directive is being handles by The Department for Culture, Media and Sport and it will be the Information Commissioner’s Office that will be responsible for regulation.

Commenting on the Directive, Minister for Culture, Communications and the Creative Industries, Ed Vaizey, said:

“Revisions to the e-Privacy Directive will provide consumers with more choice and control over their internet experience. But at the same time we need to make sure these changes do not make using the internet more difficult”

It has been recognised that few businesses are likely to have done anything about this issue in time for the implementation date. Solutions are already being hotly debated with many site owners believing that a browsers own option to enable or disable cookies being enough while the Information Commissioner thinks otherwise.

Perhaps one solution would be for a site to have to include terms and conditions that clearly state what cookies the site uses and what information is stored and retrieved by them. Users would have to click to accept the terms upon first visiting the site and then a cookie could be used to say that they have accepted cookies and prevent the message being displayed again. This would also give the site owner an opportunity to say why this information is being collected. Rest assured I will be keeping an eye on this topic over the next few weeks and months.

No doubt there will be many options tried over the coming months. If you are concerned about whether your site conforms to the new regulations then why not contact me for a free, impartial chat about your site and how this EU directive impacts upon it.

Michael Walmsley

Freelance Web Developer – Blackburn, Lancashire

07787 422 145