Beware The Cookie Monster
On 26 May 2011 the law on how cookies may be used on websites changes. As a result, almost all websites that use cookies will need to amend their practices in order to avoid falling foul of the new legislation.
WHAT’S A COOKIE?
A cookie is a small text file downloaded on to the user’s device when he or she accesses certain websites. Cookies can serve a number of useful purposes: for example, authentication of the user, storing website preferences, or shopping cart contents.
WHAT’S CHANGING?
The UK is implementing a Europe-wide directive which places far more onerous obligations on website operators that use cookies.
In essence, cookies can in future only be used either with the user’s consent or if they are “strictly necessary” for a service requested by the user. “Strictly necessary” is being interpreted narrowly and is only likely to apply to situations where the cookie is essential for the user to operate the website – for example, to store the contents of a user’s “basket” on an e-commerce website as he or she moves from one screen to the next. All other cookies will require the user’s consent.
WHAT DO I NEED TO DO?
If your website uses cookies, you will almost certainly need to introduce new measures to bring that use to visitors’ attention, explain it to them, and gain their explicit (not implied) consent. The existing way in which most websites informed users about their use of cookies – tucked away in the website terms and conditions or privacy policy – will not suffice after 26 May 2011.
The Information Commissioner’s Office (“ICO”) last week published some helpful, plain-English guidance on how to comply with the new law.
It is clear from this guidance that the ICO will adopt a common sense approach to enforcement of the new law. Crucially, it will take into account the efforts made by a website operator to comply with the changes. It will treat an operator which has made genuine efforts to comply with the new rules very differently from one which has buried its head in the sand.
The ICO recommends that all website operators using cookies take the following steps:
- Check what types of cookies you use.
- Assess how intrusive those cookies are.
- Decide how you can best obtain users’ consent to those cookies.
The key message is that the more privacy-intrusive your cookie, the more you will need to do to obtain consent to it.
If you would like to find out more about the changes to the law on cookies and what you can do to comply with them, please contact Peter Nunn on +44 20 7440 4768 or by e-mail.