is my attempt to comply with a new law. I’ve written about it over on Technology Solved, but I thought I’d better put something up here too.
Basically, on Saturday 26th May this year, a new law comes into force in the UK. It says that before a website sets cookies, it must ask the user’s permission.
Right about now, a lot of you are asking what cookies are. OK, that’s easy enough. They are text files that websites download via your browser and store on your machine. They allow sites to customise your viewing experience – ever wondered how Amazon knows what to suggest you might like? It’s because it tracks your journey through its website by using cookies. Google too, with its personalised search, and pretty much anything with a shopping cart. Do you login to websites? Like your blog maybe? Using cookies. This site is running on wordpress, and that sets a cookie when you comment too.
Most of the cookies this site sets are actually from other places. Like Google analytics for example. Or the Addthis sharing options at the bottom. Meant to enhance either your or my experience, but the site won’t fall apart without them. So they are non essential, and covered by the law – I have to disclose what they are all about, and let you decide whether you want them or not*. And most of you are ignoring the little pop up, and that’s why my google analytics are trying to tell me that only 26 ppl viewed the site yesterday. You haven’t given me permission to set cookies, so I’m not doing it.
(Actually, I’m not sure that’s true. I don’t know whether the addthis cookies are still being set. Job for tomorrow I think.)
So, are you still with me?
Little text files, used to enhance experience and customise websites. It is good to know what they are. Websites are also required to have privacy policies explaining what the cookies are about – I’d recommend reading a few. Back when I first started spending lots of time online I used to block cookies from most sites – I’ve got lax over the years. In some ways this is a good thing, to have web developers thinking about what they are doing, and users getting more clued up too. But overall this is a pigs ear of a law, and on Saturday I’ll be posting more here about what you can do about it. No need to worry too much, apparently the ICO, the enforcement office, has a list of 50 websites they are planning to target and then they are going to wait for complaints. I’ve got some ideas about that too 😉
If you’ve any specific questions I haven’t answered (and I’ll be rather disappointed if no one has) please leave me a comment. Remembering that that involves cookies too…
*Essential cookies are those that websites require to be able to function. Such as those used by most shopping cart systems, they will be set anyway and your engagement with the system is taken as your permission, effectively. Should still be in privacy policies though.
Edited to add: if you are hosted by a service like blogger or WordPress.com in all likelihood you have little control over cookies. I’d suggest writing up a privacy policy to that effect, and emailing your support to ask what they are doing about it. If you’re self hosted, it’s all down to you. Please note I am not a lawyer and all of this is best guess advice.
lorena says
thanks for this – I’d heard about it, but hadn’t looked into it thoroughly – I thought it was for companies only. like your fix, will spend a few hours putting that everywhere!
L
Jax says
Apparently the guidance has been updated again…
Midlife Singlemum says
I think I’ve resigned myself to the fact that nothing is private online so why bother blocking anything – as I’m not doing anything naughty or embarrassing. The one place that is annoying is when different offers are made to first time customers to entice them which are not offered to returning customers. It’s worth cancellin cookies on any travel sites for example if you want better deals.
Jax says
A good tip. I think it’s useful to think about this stuff, and hopefully it’ll be a wake up call to developers that have got rather lazy.
Sian says
Great post Jaxx.
Jax says
Thanks.
Circus Queen says
The 26th really snuck up on me. Thanks for the reminder that I need to do something about this. So would a privacy policy page on my blog be enough or do I actually need an opt in button like the one in your corner. By the way, it didn’t stick around very long. I wonder if it might be better to put it somewhere more obvious?
Jax says
Apparently the guidance changed on Thursday, I haven’t managed to read the full 31 pages yet, but I’m guessing that if you’ve just got analytic type cookies, maybe social network ones a disclosure policy may well be sufficient. Just a best guess mind.
Susan Mann says
I think this a great post which explains all the options and ins and outs. I have done a privacy policy. Will see how it goes. Thanks for doing this. x