EU cookie legislation, supposed to pass regulation into UK law last week, was deferred for another year: while the UK government is giving businesses time to ‘get ready’, there still seems to be some confusion about what the requirements for advertisers, publishers and technology providers actually will be.
So what is it?
The revised ePrivacy Directive is part of a broader piece of European legislation – the EU Electronic Communications Framework: the framework will amend the existing Directive and replace the current ‘notice and opt-out’ provisions with a requirement to obtain consent for the ‘storing of information or the gaining of access to information stored in the terminal equipment of a subscriber or user… having been provided with clear and comprehensive information’.
Basically, a user has to accept first and third party cookies, rather than just being given the option to opt out.
There are (narrow) exceptions though, which apply, “for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.”
So, what now?
In our experience quite a few advertisers have unnecessary cookies on their website (like old cookies that have been superseded as a website has evolved). So why not use the rollout of this regulation to streamline your website cokkie structure, removing anything unnecessary and understanding which ones are strictly vital?
Compliance made easy
There are a number of different options to facilitate compliance with the regulations:
- pop ups: using pop ups or splash pages when users arrive on a site to gain consent
- T&C’s: gaining users consent via terms and conditions when they first sign-in or log in to your online services
- settings-led consent: some cookies are deployed when a user makes a choice about how the site works for them. In these cases, consent could be gained as part of the process by which the user confirms what they want to do or how they want the site to work
- feature-led consent: when a user chooses to use a particular feature of the site (ex: watching a video) or when the site remembers what they have done on previous visits in order to personalise the content the user is served. In these cases, the user has to open a link or click a button, which is when you can ask for their consent to set a cookie.
Complying with the new cookie regulation might in the end not be as bad as it sounds. And we all have another 12 months to get used to it!