Cookie Legislation deferred, but time to prepare

Posted on 31. May, 2011 by in Digital Marketing, Uncategorized

EU cookie legislation, supposed to pass regulation into UK law last week, was deferred for another year: while the UK government is giving businesses time to ‘get ready’, there still seems to be some confusion about what the requirements for advertisers, publishers and technology providers actually will be.

So what is it?

The revised ePrivacy Directive is part of a broader piece of European legislation – the EU Electronic Communications Framework: the framework will amend the existing Directive and replace the current ‘notice and opt-out’ provisions with a requirement to obtain consent for the ‘storing of information or the gaining of access to information stored in the terminal equipment of a subscriber or user… having been provided with clear and comprehensive information’.

Basically, a user has to accept first and third party cookies, rather than just being given the option to opt out.

There are (narrow) exceptions though, which apply, “for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.”


So far so good, but there seems to be some confusion about the notion of ‘informed consent’: the ICO (Information Commissioners Office) references ‘prior consent’, which means consent obtained before the first cookie is dropped. The UK Government rejects a ‘prior consent’ approach; however it does acknowledge the change from ‘notice and opt out’ to a system based upon ‘informed consent’ and that “the use of cookies that underpin the use of shopping baskets on websites will be exempt from this change.

It looks like ultimately the suggestion is a browser level opt out with an industry drive towards consumer education. Advertisers will need to offer support to initiatives to eductae consumers on the use of cookies.

The ICO however released a contradicting statement, in which it asks “organisations which use cookies or other means of storing information on a user’s equipment, that they have to gain consent some other way” (rather than through browser settings).

So, what now?

In our experience quite a few advertisers have unnecessary cookies on their website (like old cookies that have been superseded as a website has evolved). So why not use the rollout of this regulation to streamline your website cokkie structure, removing anything unnecessary and understanding which ones are strictly vital?

Compliance made easy

There are a number of different options to facilitate compliance with the regulations:

- pop ups: using pop ups or splash pages when users arrive on a site to gain consent

- T&C’s: gaining users consent via terms and conditions when they first sign-in or log in to your online services

- settings-led consent: some cookies are deployed when a user makes a choice about how the site works for them. In these cases, consent could be gained as part of the process by which the user confirms what they want to do or how they want the site to work

- feature-led consent: when a user chooses to use a particular feature of the site (ex: watching a video) or when the site remembers what they have done on previous visits in order to personalise the content the user is served. In these cases, the user has to open a link or click a button, which is when you can ask for their consent to set a cookie.

Complying with the new cookie regulation might in the end not be as bad as it sounds. And we all have another 12 months to get used to it!




Tags: ,