That is a helpful page and the link to the ICO cookie information is worth following. There is, though, a degree of difference between reality and theory, summed up in:
"This means in theory websites need to tell people about analytical cookies and gain their consent.
In practice we would expect you to provide clear information to users about analytical cookies and take what steps you can to seek their agreement. This is likely to involve making the argument to show users why these cookies are useful. Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action."
The letter of the law suggests all sites using cookie type analytics (which is most) should get agreement from users. What the paragraph above does is acknowledge this but, in a quiet way, say they are not going to enforce that, as is the case for a few similar situations. Two reasons:
They would need to get into a legal argument with 15 million websites, not very practical.
The damage to the UK economy would be unacceptable. If you trawl through the ICO site, you can find minutes of their management meetings. At one they decided to implement the literal requirement in a bold way on their own site, more or less stating they expected not too much effect. By the next meeting, they discovered their site use had plummeted and that is on a trusted site.
They then somewhat stepped back from overkill, as did many other sites who initially followed the letter of the law, more so, including major websites. Plenty of people reported a 100% or more increase in bounce rate due to a quite correct popup, or equivalent. Their business was being destroyed.
A common approach is to:
1. Add a prominent link on every page, maybe included in the footer, to "Cookies", "Cookie Information" or whatever.
2. Write a page explaining exactly what cookies a site is using and why. Preferably with further information on what cookies are, links to how users can work with them in different browsers etc.
If you are only using basic first party cookies, you may be theoretically not in line with the law but can be seen to be making an effort and in reality, should be okay. The other option is to risk damage when you may not need to.
Even apart from problems re location in other countries, this law was not well thought out, implications not grasped. What needed dealing with were aspects such as third party advertiser cookies, or other personal tracking implementations. If you are using those you should follow the law, or could one day regret not doing so.
7 years ago