Everything you need to know about Cookie Law

The EU Cookie Law is meant to make it easier for people to understand what information they are sharing. So why is it so confusing?

Since May 26th, like it or not, all websites must now comply with the new law. If you're one of the many people out there who thinks the Cookie Law has is something to do with chocolate chips or a blue muppet, fear not - our guide to all thing cookie is here to help….

What are cookies?

Cookies are small text files created when you visit a website. They can be used to store information about your movements within a site. It is how many shopping baskets remember what you put in them, how sites with logins remember who you are and all your details. They provide information to webmasters on what content is getting hits and which isn't so they can create a better web experience.

Why do people freak out about them?

People get concerned by two things that cookies can be used for: personalised adverts and analytics. It can be alarming when you see the watch you were looking at on one page advertised on the next page you visit. It can seem like you are being monitored. It is important to understand that cookies cannot reveal personal and private information to third parties. However, they can be used to remember what pages and products you are clicking on so place adverts designed to appeal to you based on the things you interact with on a page. While it may seem a bit creepy, Big Brother isn't watching you yet - rather, marketers and pagemasters are trying to show you adverts you want to see.

Analytics can also sound scary, but like personalised adverts, they provide webmasters with information that can help them deliver a better web experience. Analytics cookies can only monitor where you enter, what you do and where you leave a website. They do not track all your movements on the internet. With this information about what you do on a website, they can work out what's popular and what's not to create a webpage that's more relevant and interesting to you.

There has also been a reports of cookies being used in, arguably, unethical ways. RyanAir was caught using cookie data to hike up prices. The company used cookies to track when a person visited a site and what fare they looked at and then raised the price when they returned to that page. The effect was meant to make the customer worried that the cost will keep going up unless they then book a flight right away. The Cookie Law will restrict this type of cookie use, ensuring visitors are aware that this behaviour and giving them the option to opt out.


Types of cookie

There are two types of cookie:

Session cookies

These are created and deleted when a browsing session expires. They do not hold any information beyond your current browsing session. They keep track of your movement from page to page so you don't keep getting asked for the same information. It's most common use is on ecommerce sites, where it allows a page to remember what you have placed in a shopping cart.

Persistent cookies

These are on the user's device between browser sessions. They help websites remember your information and settings when you visit them in the future - for example, not having to log in again. They will remember other selection you have made such as language selection, theme, preferences and internal site favourites.

Cookies can also be first part and third party. First part cookies are created by the website you are visiting. Third party cookies are set by, unsurprisingly, a third party. These can be issued by a web analytics company on behalf of the website your are visiting, a parent company of the site you are visiting or an advertising network (with permission of the website you are visiting).

What is the Cookie law?

The EU Cookie Law was created in May 2011 to encourage more understanding and choice about how much information they allow websites to track.

It requires websites to disclose if they are using cookies and give visitors the chance not to allow them if they wish.

Cookies which are essential to the running of the site, such as cookies to do with logins and shopping baskets, are exempt from this law. All other cookies, such as cookies that help create personalised adverts, must be disclosed and require user consent.

There is a great level of flexibility in how you disclose cookies. The Intellectual Property Office (IPO) states:

"There has to be some action taken by the consenting individual from which their consent can be inferred. This might for example be visiting a website, moving from one page to another or clicking on a particular button."

This means you can't just bury the Cookie Law in the terms and conditions of your website.


What happens if you do not implement the law?

The law gives the ICO the power it fine websites up to £500,000, but this does not all non-compliant website can be expecting penalties. The ICO has said it understands that website cannot be expected to redesign themselves overnight. It will be adopting a 'soft' approach, particularly as there is some confusion as to what compliance really means.

What can I do?

While there is still some confusion surrounding the law, it is important you make efforts to comply. If you own a website, contact your developer to ensure they are aware of these new laws and discuss what changes you need to make. At Design Agency, we are currently reviewing all our web pages and finding ways to make them imply with the new law in a unobtrusive way that won't effect the user experience.

For more information, download the ICO's guidance on the Cookie Law or contact us.