The 'cookie law' will be enforced later this month, but is the sector ready? The founder of Ixis discusses the impact of the directive and how websites run by not-for profit organisations are interpreting the rules
In recent years, not-for-profit organisations have started to pay more attention to their online identities, investing time and money in creating a top-class user experience to encourage people to get involved with campaigns and messages.
This month, changes to the Privacy and Electronic Communications Regulations 2003 will come into force in response to the EU Privacy Directive (or ‘cookie law’) and could have a significant impact on the user experience. It means web managers need to be extremely careful when implementing a cookie control solution or they could face hefty fines.
Back to basics…
So what is a cookie anyway? It's a very simple text file that gets downloaded to your computer when you visit a website. Cookies generally contain two bits of information: a site name and a unique user ID. Once the cookie is on your computer, the site knows you’ve been there before and can use that knowledge to tailor the experience you have.
What is the EU cookie directive?
The aim of the EU E-Privacy Directive is to increase online security and data privacy, giving users more control over what data can be held about them. It also addresses how personal information is held and used.
The legislation forces websites to be transparent about how they are using cookies, explain exactly what information each cookie holds and how long it will be held, and requires them to actively request permission from their users before cookies can be used.
What others are doing
Some websites are already running cookie controls and a number are getting it wrong already. Some solutions interrupt the head of the page area with a banner-style consent form; others interrupt the entire browsing experience altogether, obscuring all content.
The Information Commissioner's Office website, ico.gov.uk, is an example of controls not being executed in an effective manner. It displays a message box at the top of its site with a consent tick box, which might hamper the user experience. This is a good example of how the cookie consent requirements could damage your site's design.
One of the best widgets out there is Cookie Control from Edinburgh based CivicUK, which is an elegant and consistent answer to the cookie requirements. The user interface provides a simple pop-up in the bottom corner of a visitor’s web browser with minimal options to complicate things.
Mike Morton, digital media manager for Epilepsy Action, says: "Being tracked across the internet by third-party cookies has become a privacy nightmare. Systems that help website owners deal with cookies as easily as possible are a good thing. As is educating users about cookies and what they’re used for."
Another good example of a website employing effective cookie controls is, as you would expect, the government site www.gov.uk, which includes a ‘beta warning’ pop-up with the message "N.B. This site uses ‘cookies’ and Google Analytics. Closing this page sets a cookie so you don’t see it again. There’s more information on cookies at AboutCookies.org." Every page also contains a link in the footer pointing to its very clear and helpful cookie information page.
There are some simple steps web owners can take to comply with the directive:
• Find out what cookies your site is setting by entering your website URL on the Cookie Cert database site (http://www.cookiecert.com/cookie-api). It can take as long as two hours for your site to be checked, so don’t expect an instant result.
• The solution you or your web manager decides to use needs to request consent if it is not already obtained.
Full information on the EU Directive can be found on the Information Commissioner's Office website.
Mike Carter is the founder of drupal specialist Ixis