Recent updates to the EU’s Privacy and Electronic Communications Regulations mean that the use of cookies to remember and recognise visitors is now technically illegal for UK websites.
Small businesses are being warned that their websites could fall foul of new EU rules governing the use of ‘cookies’ unless urgent alterations are made.
Currently, many websites use cookies to allow users to navigate their pages efficiently, performing tasks such as remembering log-in details, browsing history and ordering information. Analytics software which monitor website usage, along with third party advertising such as Google's AdSense, also use cookies.
Cookies work by installing a small piece of code on to a site user’s computer and this code allows the site to remember and recognise visitors. However, recent updates to the EU’s Privacy and Electronic Communications Regulations mean that it is now technically illegal for UK websites to do this without first seeking the user’s consent.
Companies which are found to have fallen foul of the new law, introduced in May, face a fine of up to £500,000. As a result, the Forum of Private Business is urging business owners to make sure their websites comply.
Thankfully, the body tasked with policing the regulations - the Information Commissioners' Office (ICO) – has said that if it receives a complaint about a website using cookies without first gaining consent is will give the site’s owner ‘up to 12 months’ to make alterations before prosecuting.
However, the Forum believes companies should err on the side of caution and make any necessary changes to their websites as soon as possible to avoid potential problems. Forum of Private Business Chief Executive Phil Orford said: “Previously, the rules surrounding the use of cookies meant that you were obliged to explain somewhere on your website how you used them and how visitors could stop your site from doing so, but that was it. Now, you won't be able to put cookies on people's computers without them consciously giving their consent for you to do so, even if it means your website might not work properly as a result.”
He continued, “A business with a simple, non-interactive, two or three-page site shouldn’t be affected but if your website has a shopping basket function, remembers when a user has logged in, carries third party advertising or uses an analytics package, it is likely that it uses cookies to do so. Thankfully, the ICO has said it will give businesses up to a year to ‘get their house in order' if it receives a complaint about them. But with the possibility of a £500,000 fine for those deemed to be flouting the law, it is advisable for any business owners who think they may be affected to assess their use of cookies now and make any changes necessary.”
What a company will need to do to comply with the new legislation will depend entirely on their website. There is also still a considerable degree of ambiguity surrounding how the rules will work in practice and the government is still discussing the legislation with browser manufacturers – websites may soon be able to rely on the user's browser settings to indicate consent, but this is not currently possible.
However, the ICO has put online its own guidance on the issue. It suggests a three-stage approach:
1 - Check what type of cookies you use, if any.
2 - Assess how intrusive they are.
3 - Decide how to best obtain consent from users. This could include a pop-up message offering an opt-in option when someone signs up for your service, or letting them make choices about how they use your site. Small businesses may have to ask their web designers or developers for information and input on this.
UK-based websites will no longer be allowed to download cookies without the site user's consent.