Later this week a new law comes into effect – the Privacy & Electronic Communications (EC Directive) (Amendment) Regulations 2011. This law requires all website operators in the EU to gain consent from visitors before storing or retrieving information from a visitors computer.
Essentially, this law blocks the use of cookies until a user has been asked for (and has given) informed consent. Francis Davey, the fantastic tech legal expert has written an in-depth blog about the changes.
The more I look into it, the more I think it will be an uphill struggle to fully implement this law. So many services use cookies such as embedded Vimeo videos, Facebook, Twitter and even WordPress. The law could make services like Google Analytics completely useless if the have to ask every time they are used. Of course Google is a US company and could potentially argue that EU law doesn’t apply (which would leave EU website owners with bit a problem).
If fully implemented, this law could significantly change the way websites work in Europe, and not necessarily for the better. However, at the same time, it could vastly increase the privacy of website users.
So, given that the law comes into force this week and there are so many problems challenges, what can website owners do? Well, the Information Commissioner (ICO) has published some useful guidance (pdf) which you should read. Luckily, they aren’t expecting full compliance just yet!
In the public sector, we’ve been given some temporary guidance on some small steps we can take. This includes auditing our use of cookies and producing a list of what they are, what they are used for and how long they last. This list should be published on the site along with the website privacy policy.
I produced a first version for work’s Recalled Products website yesterday and I’m working through the others over the next few days. If you want to copy / reuse / alter my example, go right ahead. I’d also appreciate any comments on how this could be improved.
Hopefully over the next few months, the ICO & government will put together some more comprehensive guidance on how website owners can move towards full compliance. For now though, start producing these lists of cookies!