
A lot of attention was focused earlier this year on cookies, those little snips of coded text that websites automatically place on your computer when you visit those sites with your web browser.
The attention on cookies was all to do with a European Union directive on individual privacy and personal data that came into effect in May 2011, requiring each EU member country to implement national laws that, broadly speaking, give website visitors the power to explicitly accept or reject the placement of cookies on their computer.
In the UK, the government deferred implementation of the directive for one year until May 2012, saying that “it will take some time for workable technical solutions to be developed, evaluated and rolled out so we have decided that a phased in approach is right.”
What that means is quite simple: you still have time to figure out how to implement the UK law – The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 – before it comes into effect next May.
The website of the Information Commissioner’s Office (ICO) – the law’s regulator – offers a glimpse of how an organization might address the way in which permission is actively sought of a visitor when he or she lands on their website – a one-time request that requires you to accept or deny it.
The ICO’s request text reads:
The ICO would like to use cookies to store information on your computer, to improve our website. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete or block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, see our privacy notice.
While you could argue the wording – I’d like to see something a little more attuned to the benefit for the visitor, not solely for the website owner – the text is clear enough and as a website visitor you need to take a specific action, ie, accept the request. If you don’t accept it, parts of the website won’t work correctly as the request wording says.
Will that be enough to enable people to really understand what they being asked? I doubt it, frankly. The best example I’ve seen so far is that of AllThingsD, the Wall Street Journal’s tech site, which has a lengthy explanation in plain English of what their site wants to do with cookies.
For most people, though, it’s a murky area to be exploring. How do you set this up on your site? Does every website owner, business or personal, have to do this? What about third-party cookies? Will there be penalties after May 2012 if you don’t have this sorted out? (In a word, yes.) What about blogs – how will this work on those? (Interesting but unresolved discussion thread about this on the WordPress.org forum.)
You can find plenty of information on the ICO’s website. Read it now – you have less than six months to get ready for the cookie law.