Company Commercial Notepad - February 2012
1. Cookies: Is Your Website Compliant?
In June 1994, the first ‘persistent client state object’ - a bland and opaque choice of words which would have made many a lawyer proud - quietly came into being. It had been lovingly crafted by Lou Montulli, a talented programmer for what was to become Netscape Communications. Later, he wisely started to use the snappier term ‘cookie’ to describe his game-changing invention.
So whilst the childlike word, cookie, may conjure up sweet thoughts of soft, gooey biscuit, the European Commission is not quite so smitten. In 2009 the Commission revised the ‘E-Privacy Directive’ (2002/58/EC), bringing in a much tougher regime on the use of (non-biscuit based) cookies. Whilst businesses have been using them pretty much unhindered for some 18 years now, from 26 May 2012 the UK's enforcement agency, the Information Commissioner's Office ("ICO"), is likely to ‘throw its weight around’ a bit more. Enforcement for non-compliance with the new cookies law will undoubtedly increase. Your business and your website may be at risk.
- has been provided with clear and comprehensive information about the purposes for which the cookie is stored and accessed; and
- has given his or her consent (there are a small number of limited exceptions to this rule).
To comply with this law, many businesses are following recent ICO guidance. You should therefore consider the following steps:
- check what type of cookies and similar technologies you are using and how you use them. This might be by way of a comprehensive audit of your website or it could be as simple as checking what data files are placed on user terminals and why. You should analyse which cookies are strictly necessary and which might not need consent. This could be a good opportunity for you to clean up your web pages and stop using any cookies that are unnecessary, or which have been superseded as your websites have evolved.
- decide on the best solution for you to obtain consent from the users of your website. Possible solutions include the use of terms and conditions, pop-ups and similar techniques, settings-led consent, and website headers or footers.
We will, of course, keep an eye on developments and update this Focus if necessary. The key date, however, is 26 May 2012, by which time your website needs to be compliant.
If you have queries in the meantime, please do not hesitate to contact a member of the Laytons team.