UPDATE: Further clarification from the ICO on what is required
As of May 26th 2012 a new EU law comes into effect on the use of web cookies. It was first announced in 2011 but was put on hold for a year – but you need to be prepared for when it comes into force on the 26th May.
Firstly lets have a look at what a cookie is.
A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tell a web site when the user has returned. Reference: aboutcookies.org FAQs
Cookies are commonly used to store information about a user – remembering who you are on a website. They enable logging in, shopping baskets and many more functions taken for granted on the internet.
Whats the current law on cookies?
Presently all UK websites are legally required to tell website visitors about the use of cookies on the website, and how they can delete or control them. This is commonly done via a website privacy policy.
What is the new law?
The new law states that for certain types of cookie, websites must give website users a choice of whether to accept cookies or not on the first page. This must be an opt in – ie you must have the users consent.
The good news for Glassraven ecommerce store owners
The law states that use of cookies which are just for the operation of the website does not need permission. So logging in, adding items to the shopping basket, saving product details for personalisation is all OK.
This covers all of the functions within the Glassraven ecommerce stores.
& the not so good…
Third party systems such as Google Analytics, which we know many of our clients like us to integrate into their stores, which are used for monitoring and tracking do need permission from your customers. Google has yet to issue a policy about this – we’ll keep our eye on the situation and update you when we know more.
The most common current recommendation for websites using Google Analytics is that you are probably ok to continue using it as long as you specify so in your privacy policy. This does not quite match what the EU legislation specifies though so you may wish to err on the side of caution.
So how do I make sure I comply?
If you are not using Google Analytics or other analytics / tracking software in your store you need do nothing other than the standard information added into your privacy policy. If you do wish to use these though you have 2 options:
- Use a popup box on entry to the website requesting permission to use cookies – this method is used on the BT website: www.bt.com
- Have a prominent warning message on entry asking for permission – this method is used on the ICO government website: www.ico.gov.uk
Neither of these situations are ideal, many web users don’t even know what a cookie is and could be potentially put off.
What happens if I don’t comply?
There is a potential fine (up to £500,000) for non-compliance, historically the governing body has not issued fines however the potential is there. The ICO aren’t likely to chase down every website, yet they will respond to complaints.
Further information on cookies
Please note: the above information has been provided as general advice on the subject of cookie use within your ecommerce store. It does not constitute legal advice – for this you should approach a qualified legal professional.