Cookies are rather nice biscuits. They are also small bits of software which are used to track users on websites.
On the whole this is not sinister. Virtually every website on the internet uses cookies in one form or another – whether they admit to it or not. They are used:
- To make it easier for people to log into sites which need logging into
- So that websites can recognise people when they come back so they can greet them by name
- To enable website owners to see how many visitors are visiting their sites and what they do there, using analytics software such as Google, StatCounter and Clicky
- For affiliate software so websites referring people can be recognised as the referrer and get paid for it
- To allow videos embedded on sites to work
- To allow membership and shopping cart software to work
- For advertising software – which is where the main problems tend to lie.
There may be others that I don’t know about.
Cookie confusion
Now in common with probably about 80% of website owners I don’t understand fully how cookies work or precisely what they do or are capable of doing. I am a lawyer and writer, not a web technician or cookie coder.
I am very interested, as are all website owners, in what my stats programs are able to tell me about the visitors to my site, but only have a rather vague idea about how they actually work (something to do with IP addresses I think).
The shop analogy
The way I see it is that a website is rather like an online shop. The staff and shop owners can watch the people coming in and out of their shop, see what they do while they are there and which direction they go when they leave. Sometimes they will use CCTV.
So with my website stats, I can see how many people come in and what they do, and where they go when they leave. I can also see how many times they have commented, and so on. Like a physical shop which uses CCTV this information is saved so I can look at it after the visitor has left.
However some cookies, the advertising cookies, do a bit more than this and can, for example, show you adverts depending on what you have done in the past, and are set by third party advertisers rather than the site owner themselves.
Many people consider this to be a step too far and a breach of privacy. As a result, new regulations have been brought in via the EEC to deal with it. You can read about this on the Information Commissioner’s website.
Complying with the regs – implied consent
Up until fairly recently we were all told that we would have to get people to actually click something to say that they were happy with cookie use on the site.
With the vast number of websites and website owners involved though, all of them using cookies (maybe without actually realising it) and many without the technical ability to create or add an online consent advice widget or the cash to get one developed or added, enforcing such a law was always going to be very difficult.
So the guidance now says that we can be compliant so long as we make it clear to visitors to our site that we use cookies and what they do. If people then carry on using the site, in this knowledge, they will be deemed to have impliedly consented to the cookies being used. If they don’t consent, they have the option of not using the site.
This does seem to be a lot more sensible, although the ICO made the point in their guidance that the information must be reasonably prominent and that the implied consent rule cannot include doing nothing.
So I have now added a new page to my websites setting out the fact that I, in common with practically every other website I know, use cookies and what they do. You can find my page >> here.
If you have a website, you ought to do something like this too. Otherwise you may get the ICO breathing down your neck and even serving a formal notice on you.
What steps have YOU taken?