Hello, and welcome.
 Cookies consent: what you need to know

Cookies consent: what you need to know

From 26th May 2012 all UK companies need to have implemented a way to obtain opt-in consent before placing cookies on a user's device.
Cookies consent: what you need to know

From 26th May 2012 all UK companies need to have had implemented a way to obtain opt-in consent before placing cookies, or similar tracking technologies, on a user’s device under new ruling made under the Privacy and Electronic Communications Regulations. Companies that are not compliant risk fines of up to £500,000 from the Information Commissioner’s Office (ICO).

What is a cookie?

Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used to help web users navigate websites efficiently and perform certain functions, such as remembering payment details, purchase preferences or tracking visitor activity on platforms such as Google Analytics.

How have things changed?

Rather than hiding behind an opt-out option for website visitors (applying cookies unless the user complains), websites will need to specifically gain the consent of their visitor. They must opt-in from the outset to be able to store cookies on their computer or other devices. The exemptions are few and far between, so make sure you are compliant.

What you should do

  1. Update your privacy policy: Explain what cookies/tracking devices you use on the site, why you use them and how users can both provide and withdraw consent (if you are using email marketing, the advice is less clear, see email and the cookies law)
  2. Educate your team: Inform and mobilise key staff members (legal and compliance, customer-facing colleagues, IT department, CRM and web managers, marketing team) about the change in legislation
  3. Undertake a cookie audit: Check what types of cookies you use and identify all your websites and other places where cookies might be used (i.e. mobile sites, iPad apps, etc.)
  4. Gauge the intrusiveness of each cookie: Assess your cookies against an intrusiveness scale and categorise each cookie to help identify any that may be no longer required. Categories could include: strictly necessary, necessary, performance-related, function and target
  5. Obtain consent: Choose the best method of obtaining consent to use cookies from users of your site and implement it; you could consider a pop-up box, landing page, homepage holder, banner, scrolling text, tick boxes or a terms and conditions alert. Econsultancy have recently published a blog post with some example techniques
  6. Develop and test: Obtain some end-user feedback on the experience looking at the ease of use and clarity once your method is live. Check you have used user-friendly language and the correct tone for your audience