If you own a website then you should be aware of the EU Cookie Law that came into effect as far back as May of last year (2011). In the past the EU has been accused of creating lakes of wine and mountains of beef, but this time there is no food involved, but rather a bit of a hash of legislation about relatively innocuous text files.
There is a rather long description of cookies over at Wikipedia, but in essence a cookie can be described as follows:
A cookie is a small text file placed on your computer by a web browser that allow a website to identify your computer every time is access the site.
Good old Aunty Beeb has a nice page on the subject.
Very rarely. The typical data held in a cookie is a unique ID (normally a random sequence of letters and numbers), the address of the website to which it pertains, and an expiry date after which the browser will normally delete the cookie. That information is then used to hold relevant information on the website’s back-end database.
All sorts of reasons, but frequent uses include:
There have also been some uses that have been considered less than above board. Facebook, we’re looking at you.
The EU have decreed that member countries need to introduce legislation obliging all website owners to ensure that their websites obtain consent from users to add cookies to their PCs. There are exceptions for cookies that are essential to the functionality of the website (such as shopping basket cookies), but otherwise nothing should be stored if consent hasn’t been gained.
The ICO have recently issued a guidance document to try to clarify matters.
It’s important, right now, to realise that the UK are currently within a 12-month grace period as far as applying the necessary changes to their website. So you have until 25th May to ensure your websites are compliant.
The biggest dilemma is what to do if you use a website analytics service that relies on cookies to be set, such as the ever popular Google Analytics. At the moment the ICO Guidance document linked to above states that analytics are not ‘essential’ and so consent must be gained.
Unfortunately that is likely to completely negate the effectiveness of the anaytic data gathered.
To illustrate, the ICO themselves released information on the impact of gaining consent on their website analytics. The visitor figures, which were very consistent leading up to the implementation, subsequently dropped by 90%! That doesn’t mean that visitors numbers actually decreased, simply that only 10% of visitors agreed to implement cookies. Suddenly, the ICO have a lot less data about their website visitors with which to inform their marketing.
As a developer I know that many businesses live or die by the effectiveness of their website, and use analytic data as the means of measuring the effectiveness of various online (and offline) marketing efforts. However, I cannot recommend that a legal requirement be ignored, especially when the ICO have explicitly stated that consent should be gained for analytic cookies.
What I would instead recommend is:
Here at Four Lakes we are keeping a close eye on the legislation and also on solutions that may minimise the impact on analytics, particularly for WordPress-based websites.