Recent changes in the law relating to internet cookies mean that all businesses will need to review their websites.
What are cookies?
The law relating to cookies has changed, with implications for all businesses which have websites. In this context a ‘cookie’ is not the edible kind, but a key element in recording viewing habits when a visitor moves around a particular website.
When you browse a website for the first time, that website will send one or more cookies to your computer. A cookie is a small text file that can be used to assign a unique reference number to your device so that when you return to the site on a different day using the same computer, the site reads your cookie and recognises you. Cookies are used, for example, to see how many people look at particular websites, remember users’ selections and preferences, save information already entered and manage which adverts are seen.
It is possible to set a browser to block all cookies, but some websites may then become difficult or impossible to access.
How has the law changed?
Are there any exceptions?
The new rule requiring explicit consent applies to all cookies, except for one limited exception. Consent does not need to be given where the cookie is ‘strictly necessary’ for a service required by a user.
This exception would cover, for example, where a visitor to a website is using an online shopping basket. In order to ‘proceed to checkout’ to complete a purchase, it will be necessary for cookies to remember items the user chose on previous web pages so as to complete the transaction.
Early indications are that this exception will be interpreted very narrowly. It is unlikely to cover circumstances where cookies are used to serve advertising, perhaps by remembering users’ preferences or for collecting statistical information about the use of a website.
What shall I do now?
The initial guidance notes, however, suggest that if you are a business using a website you should start by carrying out an appropriate audit:
- firstly, you should check what types of cookies you use and how you use them (Your website designer should be able to assist you with the relevant information);
Whether this format is adopted as the norm for obtaining consent remains to be seen. Perhaps ‘pop ups’ or consumer-selected browser settings will take over instead. Watch this space!
Do I need to do anything now?
The government has indicated that there should be a phased approach to implementing the regulations. The ICO has indicated that it will allow organisations up to 12 months to put their cookie consent affairs in order. After this period those using cookies without asking first could be fined up to £500,000.
This 12-month grace period does not mean, however, that businesses should simply ignore matters now. The ICO has said: ‘This does not let everyone off the hook. Those that choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules’. Complaints received by the ICO in the meantime are likely to lead to warning notices being issued against offending website owners.
How can Keystone Law assist you?
The new law on cookies provides an opportune time for many businesses to carry out a complete review and overhaul of their online terms and conditions, to ensure compliance with the multitude of laws, including the new law on cookies, which govern internet trading.
In December 2010 the Office of Fair Trading (OFT) published its strategy to protect consumers shopping online in the UK, with a focus on more effective enforcement, improving compliance by businesses and empowering customers through education. The OFT found that only about one in five businesses was complying fully with consumer law governing online shopping and it indicated that there would be stricter enforcement, with increased cooperation between the OFT, police and Trading Standards. It really is quite important to put online compliance issues in order, as the legal net is certainly tightening.
This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.