Saturday, 21 April 2012

Does your website breach new EU legislation for cookies?

ICOIs your website ready to meet the new data protection rules that come into force on 26th May?  

If you run cookies on your website to track and store information about users then from 26th May you will need their permission or you may be in breach of new EU legislation.  

The only exception to this rule, according to the Information Commissioners Office (ICO) is, 'if what you are doing is ‘strictly necessary’ for a service requested by the user. This exception is a narrow one but might apply, for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.  

How you gain this approval is the next challenge. If you visit the ICO's website you will see that they now ask you the following question:  

'The ICO would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice.'  

'I accept cookies from this site'  

Many sites will be able to ask a specific question when users register for a service or locked off content however others will also need to ask similar questions not to be in breach of the legislation.  

The ICO has issued a guidance document on this subject which you can download below.

advice_on_the_new_cookies_regulations.pdf (122 kb)

No comments: