Like Me? Follow Me.
Last year some new European laws came into effect, which on the face of it meant that all websites had to obtain specific approval from each user if they deployed any cookies on their computers. (You can read our press release on the new law here.) Cookies are used by virtually all websites in order to either enhance the user experience or provide reporting information.
The new law is aimed at limiting the application of invasive cookies that might impact on a user's privacy. However, it was felt by many that the new laws were not implementable in their original form without having an extremely negative impact on internet use.
The Information Commissioner's Office (ICO) has now issued new guidelines on how the laws will be interpreted and what owners of websites should do to comply. The new law will begin to be enforced from May of this year.
The guidelines are relatively long and complicated, so we asked one of our clients, Keith Arrowsmith, (@keitharrowsmith) an Intellectual Property Solicitor from JMW to review the guidelines and give us a quick 10 point summary.
- If you have a website that deploys cookies, you MUST tell people that the cookies are there.
- If you have a website that deploys cookies, you MUST explain what the cookies are doing.
- If you have a website that deploys cookies, you MUST have consent to store a cookie on a user / subscriber's device subject to some exceptions.
- There is no need to inform or obtain consent for a cookie if it is used only for "shopping cart" purposes.
- There is no need to inform or obtain consent for a cookie if it is only used for security of data (eg. online banking)
- There may not be a need to inform or obtain consent for a cookie if it is only used to help to increase page load times.
- If you allow advertisers to place cookies on your website, you may be liable if they don't comply with new rules.
- Web designers that supply sites that do not comply could be liable for negligence or breach of contract.
The sad thing about this new law is that it will cost money for operators of websites to ensure that they are compliant. The good thing is that it may make it slightly harder for sites to phish for details users would rather third parties didn't know.
We will be contacting all of our development clients shortly and offer to make their websites compliant in time for the deadline.