Guest Posts, Online PR and Marketing, THE BLOG

Do You Have a Website? COOKIES: Steps To Take Towards Achieving Compliancy


Tagged: , ,

The last in our Guest posts by Yvonne Morris. Thanks Yvonne for your worthy and very detailed explanations! OPT

Written By Yvonne Morris:

PRE-SET-UP STEPS

Unless you can avoid using cookies altogether or unless you fall in to the exceptions from the new law requirements to (1) provide clear and comprehensive information about any cookies you are using; and, (2) obtain consent (the “Requirements”) (see page 12 of the ICO Guidance Download the ICO cookies guidance (pdf)) (the “Guidance”), it is advisable that to take the following pre-set-up steps:

  1. Check what type of cookies you use and how you use them;
  2. Assess how intrusive your cookie usage is for each cookie;
  3. Decide what solution to obtain consent;
  4. Ensure you have an online Privacy Policy which makes reference to cookies;

Ensure you have an online Cookie Policy (Note that if you merely mention cookies in your Privacy Policy, you are not doing enough. The Guidance insists on an unwavering adherence to the Requirements); and,

  1. Take legal advice.

CONSENT

In view of practical and technological constraints to instigating sophisticated consent mechanisms, the Guidance acknowledges that attaining implied consent is maybe more practical than the explicit opt-in model , however, it also states how “explicit consent might allow for regulatory certainty”. It is clear that the more effort put in to satisfying Requirement (1), the more likely implied consent shall suffice for opt-in consent.

EXAMPLES

An example of explicit consent via an opt-in can be found at www.fasthosts.co.uk. Sites like www.barclays.co.uk have taken one step back but a giant step forward by not providing an immediate opt-in mechanism but by instead providing a disablement mechanism via pop-up window. A site relying solely on inferred consent currently is www.ipo.gov.uk .An almost hybrid dual option site allowing for explicit or inferred consent is www.website-express.co.uk. It is not uncommon for consent to be gained online using the terms of use or terms and conditions to which the user agrees when they register or sign up.

The key point is that a website owner needs to be upfront with users and obtain consent by giving the user specific information about what they are agreeing to and provide them with a way to show their clear acceptance. Cookie warning messages can be displayed by way of message headers or footers or pop-up windows on the website of varying size and prominence and best practice is that they contain a link direct to the Cookie Policy. Therefore, it is understood that those setting cookies must:

  1. Tell people that the cookies are there;
  2. Explain what the cookies are doing;
  3. Obtain consent to store a cookie on a user’s device; and,
  4. Provide information in your Cookie Policy on the management and removal of cookies (or go a step further and provide a mechanism to instantly disable cookies).

COOKIE INFO IN COOKIE POLICY

Whichever method you choose to satisfy Requirement (2), in order to meet compliancy, it is advisable that you also provide a Privacy Policy wherein you reference cookies and a Cookie Policy itself wherein you can insert the Requirement (1) information, preferably presented in a table. You can find out more about what information can be used in Article 2 of 3 published by Hanne & Co under the paragraph headed “A Cookie Audit”.

CONCLUSION

Businesses need to consider the best way forward for their particular website to inform users about their use of cookies in detail and to obtain the requisite consent. The grace period expired on 26May 2012 and the law cannot be ignored! Given that the implementation of the new law is still experiencing teething problems, transparency should be the guiding principle of any business in its online activities. 

Yvonne Morris Limited can help to provide you with the following:

(1)   Suggested wording for a cookie warning message to be placed on your site;

(2)   A Cookie Policy (and a Privacy Policy if you don’t have one);

(3)   Advice and guidance on how best you can utilise these to meet the current legal obligations on a website owner; and,

(4)   Undertake a review of any existing contracts you have with third party providers (or update company template precedent agreements) to ensure that you secure their commitment and agreement to be compliant with the law on cookies thereby reducing your risk.

www.yvonnemorris.co.uk

Got a question?...Ask here

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s