Taking effect on May 26, 2012, the new E-Privacy Directive (originally amended in May 2011) is EU-wide legislation, sometimes known as the ‘cookie law’, that will affect every UK online business. Until now, the use of cookies and other tracking technology to collect user behaviour information has been only loosely regulated. However, the new law requires that companies receive ‘informed consent’ from the consumer prior to using or installing cookies and other tracking technology for such use on a user’s device (PC, iPad, mobile phone, etc.). Even if the tracking technology is not cookie-based, the ePrivacy Directive still applies.
The EU directive states that consumers should be aware that when they visit a website, what they do whilst there is being tracked, and that the tracking information is stored on the website’s server to be recalled when the same device returns to log in to that website on another visit. While this offers transparency for the consumer, there will obviously be quite an impact on the business owner, who must not only find the appropriate format for obtaining consumer consent but also face a reduction in the amount of customer data that will be available.
Privacy Policy Link
Suggestions for obtaining consent range from including a highly visible E-Privacy Directive Policy link on the home page, to adding a pop-up window requesting visitors to confirm their consent (on a first-time visit to the site, and only on a subsequent visit where the law has changed or content has changed), and possibly also including the ePrivacy Directive policy in header / footer content.
The headache for business and website owners is finding the most appropriate and least invasive method of acquiring consent. There will of course be many visitors, as well as business owners, who’ll be turned off by a pop-up window requesting consent, and the option of using browser settings is not yet refined enough to work flawlessly in this regard, so clearly this is an area causing much concern for online businesses.
However, non-compliance is not an option, as the head of regulatory affairs at the IAB (Internet Advertising Bureau), Nick Stringer, states, ‘there are no short cuts to complying … it’s about transparency and developing good business practice’, adding, ‘it’s the law’!
To help business owners better understand the new law, the Information Commissioner’s Office has created an extensive New Cookies Guidance document which details how a business can fully comply with the new directive.
Ultimately, by including a concise description of how cookies are utilised on your site (in a highly visible location), and by receiving consent from each visitor to your site, you will show transparency and therefore not suffer any penalty for non-compliance with this new ePrivacy Directive.
Know your cookies, know your rights
For those requiring a little more understanding of Cookies, here’s a brief summary:
Cookies, browser cookies, persistent cookies, session cookies, and tracking cookies are small, sometimes encrypted text files located in browser directories. They allow a visitor to easily navigate a website, and can be used for identification, for remembering user preferences and for authentication, amongst other things. Disabling these cookies will often prevent a visitor from using your site.
What Cookies Do
In effect, when a visitor enters a website, a cookie (text file) is automatically generated and sent from the website to the user’s device. Each time that same visitor returns to the site, the file is accessed by the website’s server, which then remembers the previous visit and the visitor’s preferences.
Browser Cookies
Allow a visitor’s information to be stored on the website server. If one is a returning visitor to that site, then instead of having to log in each time to access a secure part of the site, the cookies handle that process without the user’s input.
Persistent Cookies, also known as Tracking Cookies
Allow you to add your personal preferences on how you view a particular site, for example how you’d search for a particular item, i.e. low price to high, categories A to Z. They are remembered each time the user logs in to a particular site after the initial visit (when using the same device).
Session Cookies
Are used to track a user’s behaviour on the website for that one particular session. Once the browser has been closed there is no tracking capability.
It helps to be knowledgeable about these little fellows that have inspired the e-privacy directive, so should you wish to inform yourself further, we suggest you take a look at the full explanation of cookies at: http://www.allaboutcookies.org/
The Legal Documentation of the E-Privacy Directive
Below is a summary of how the actual EU ePrivacy Directive reads, but for a more extensive, in-depth look at the law, take a look here to further educate yourself about this important new piece of legislation: ePrivacy Directive Procedures
The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent.
(1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment–
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information–
(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
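The rule in paragraphs (1) to (4), together with the first-visit consent prompt suggested earlier, can be enforced in code as a gate around every cookie write. The following is an added example, not code from the original post or from the ICO guidance; the cookie names, the policy version string and the choice of which cookies count as strictly necessary are all assumptions, and a `Map` stands in for the device's cookie store.

```javascript
// Added example: every name below is hypothetical, sample data is constructed.
const POLICY_VERSION = "2012-05-26"; // bump when the cookie policy text changes
const CONSENT_COOKIE = "cookie_consent";

// Constructed inventory. Which cookies count as "strictly necessary" under
// paragraph (4)(b) is this example's assumption, not taken from the page.
const INVENTORY = {
  [CONSENT_COOKIE]: { purpose: "records the visitor's consent choice", necessary: true },
  session_id: { purpose: "keeps the visitor logged in", necessary: true },
  sort_pref: { purpose: "remembers the preferred sort order", necessary: false },
  analytics_id: { purpose: "tracks behaviour across visits", necessary: false },
};

class ConsentGate {
  constructor(jar) {
    this.jar = jar; // a Map standing in for the device's cookie store
  }
  // Paragraph (2)(a): what the visitor is told before being asked.
  disclosure() {
    return Object.entries(INVENTORY)
      .filter(([, c]) => !c.necessary)
      .map(([name, c]) => `${name}: ${c.purpose}`);
  }
  // Paragraph (3): a choice made on the initial visit stands on later visits,
  // until the policy version changes.
  needsPrompt() {
    const saved = this.jar.get(CONSENT_COOKIE) || "";
    return saved.split(":")[1] !== POLICY_VERSION;
  }
  hasConsent() {
    return this.jar.get(CONSENT_COOKIE) === `yes:${POLICY_VERSION}`;
  }
  recordChoice(granted) {
    this.jar.set(CONSENT_COOKIE, `${granted ? "yes" : "no"}:${POLICY_VERSION}`);
    if (!granted) { // refusal or withdrawal: clear what was stored earlier
      for (const name of [...this.jar.keys()]) {
        if (!INVENTORY[name] || !INVENTORY[name].necessary) this.jar.delete(name);
      }
    }
  }
  // Paragraph (1): store only if exempt or consented; unknown names are refused.
  set(name, value) {
    const entry = INVENTORY[name];
    if (!entry || (!entry.necessary && !this.hasConsent())) return false;
    this.jar.set(name, value);
    return true;
  }
}
```

Refusing names that are missing from the inventory keeps a newly added third-party script from storing anything before it has been described to visitors.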
Time is now running out for those who have not yet taken steps to incorporate the ePrivacy policy changes into their website content. We suggest you consult with your web development team to discuss the best options for implementing this mandatory piece of legislation, and remember that the deadline for the new directive is May 26, 2012.
The world wide web is still relatively new in this modern age of technology and as such, whether we agree with them or not, the laws and best practices will continue to evolve. Don’t let these new laws and legislation overwhelm you.
The post E-Privacy Directive and How it Affects UK Websites appeared first on the Sonet Digital Blog