Advice On Cookies - following the EU Directive Regulations
What Brands should do?
The Independent Commissioners Office (ICO) recommends that brands need to check what type of cookies are used and how they are used on their websites. Companies then need to decide if they are intrusive and decide what way will be best to gain consent from their users?
Why is this rule changing?
The European Directive on which the Regulations are based has been revised. UK law has to change to implement that changed Directive.
What’s the exception to this ruling if any?
The ICO says the only exception to this rule is if what you are doing is ‘strictly necessary’ for a service requested by the user.
This exception is a narrow one but might apply, for example, to a cookie used to ensure that when a user of the site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, the site ‘remembers’ what they chose on a previous page. Websites would not need to get consent for this type of activity.
The ICO states this exception needs to be interpreted quite narrowly because the use of the phrase “strictly necessary” means its application has to be limited to a small range of activities and because the use of the cookie must be related to the service requested by the user.
Brands cannot use the exception just because using the cookies would make the website more attractive if it stores users’ information.
Can’t the browser settings be used to gain consent?
One of the suggestions in the new Directive is that the user’s browser settings are one possible means to get consent.
However, currently most browsers are not advanced enough to allow websites to assume the person visiting it has given their consent to allow a cookie to be set.
Not everyone uses a browser. Many people access websites from their mobile devices etc.
It advises that it would be better to make sure a website has consent system set up rather than rely on other people.
How can brands gain consent?
Some examples from the ICO of ways you can gain consent are:-
Initially this may seem an easy option as it pops up directly on screen and they have to action it. However this can be a frustrating thing to the user.
T’s & C’s
Brands shouldn’t just change the terms in the website. Users need to be directed to the changes and it needs to be made clear at sign up that the website needs to gain the users consent to store the information and explain why it is needed.
Some things are stored when a user chooses to use a particular feature of the site such as watching a video clip or when the site remembers what they have done on previous visits in order to personalise the content the user is served. By clicking a button or agreeing to the functionality being ‘turned on’ – then you can ask for their consent to set a cookie at this point.
Brands may collect information about how people use the site. Analytical cookies may not seem intrusive but consent is still needed.
The ICO says websites could maybe list the cookies and explain what they do so the user has a more informed choice, especially if the information is being passed to a third party site.
Suggestions are maybe a button or scroll somewhere in maybe the header or footer of the website that prompts the user to click on it for more information about cookies and send it to a privacy page link.
What are third party cookies?
Some websites allow third parties to set cookies on a user’s device. For example if a website has banner ads or streaming videos etc, they may place their cookies on the user’s pc or mobile device.
As a brand it is vital to make sure full information is given to users and subscribers on your websites so that they again can make an informed decision for themselves.
Be a responsible brand.
For more information visit the ICO website www.ico.gov.uk
By Victoria Savage, Project Manager at Big Dot Media www.bigdotmedia.co.uk