The EU Cookie Directive – What This New Cookie Law Means to You
Companies with a presence in Europe need to be aware of the newly enacted cookie law. This law impacts virtually every company with a website, so business owners need to be aware of the so-called EU cookie directive.
What is it?
Like other such laws, the EU cookie directive was passed with the best of intentions. The law is intended to give consumers and internet users an extra layer of privacy, along with the ability to control how their personal information is used. The law was actually passed back in 2009, but each government had until May of 2011 to implement its requirements. The government agency responsible for the law’s enforcement gave affected businesses up to a year to comply with the new requirement, meaning that many small businesses are just now starting to understand what the law means to them and their internet presence.
It is important for all businesses to take note of the law, since there are fines and other penalties for non-compliance. That means small firms especially could feel a significant impact if they fail to implement the changes the EU cookie directive requires.
What to do
The EU cookie directive requires that internet users give their consent before cookies can be stored on their computers. Since cookies are routinely used for everything from storing the content of a shopping cart to making pages easier to load, this law has a major impact on the way companies do business online.
Originally the law would have required users to actively opt-in before a cookie could be placed on their computer, but those with technical knowledge and knowledge of consumer behavior quickly realized the potentially disastrous implications of that requirements. Many users, unfamiliar with cookies and the operation of e-commerce sites, would have been confused – perhaps even thinking that they had been infected with viruses and malware. That could have resulted in mass confusion for consumers – and massive headaches for businesses.
As a result, a last minute change was implemented that allows website owners to place cookies on computers using so-called implied consent. This implied consent does not relieve business owners of responsibility, and they still must comply with the law. Experts recommend that businesses conduct a cookie audit – evaluating the use of cookies and what they are being used for.
For instance, cookies that are simply used to track the contents of shopping carts may be exempt from the consent requirements of the new law. The same is true of cookies used for analytic purposes, often called first party analytics cookies.
Provide clear information
No matter how cookies are used in your site, it is a good idea to provide visitors with clear information about those cookies and their purpose. It is also important to provide visitors with an easy to use opt-out mechanism that allows users to refuse those cookies.
Adding a page to your website that clearly explains what cookies are, how they are used, and how users can opt out, is vital for companies that want to comply with the spirit of this new law. It is not enough to simply post a privacy policy and expect users to read through all that complicated jargon. Providing the information needed – in a prominent location and in plain English – is essential.
Some businesses have placed headers at the top of their sites explaining the new law and offering an easy to use opt-in checkbox. Others have used a preference panel that allows users to tweak their settings for the various kinds of cookies used by the site.
No matter what you ultimately do to comply with the law, now is the time to get familiar with its requirements. This new law does come with some serious fines and penalties, and even inadvertent non-compliance could cost your company a lot of money.
