EU Cookie Law Changes

by Nicola Payne

In a previous blog we looked at the relationship between Google AdWords re-targeting and the advice from the Information Commission Office (ICO) about use of cookies. This post summarises the advice from the ICO about collecting information using cookies on your website more generally. You should be taking steps to comply with the ICO regulations by May 2012 or you risk a £500,000 fine.

Previously the law was that if you used a cookie to store information then you had to tell people and give them an option to opt out; most websites did this using their privacy policy. The new rules change the emphasis so that users actively have to give their consent for you to collect and use their data.

You might not think you are collecting visitor data, but if you are using Google Analytics then you are using a cookie to track your visitors; ecommerce systems rely on collecting and storing information, including delivery and payment addresses.

The principle of the legislation is a good one – it’s there to protect us – so we know what information is being gathered about us and can decide whether or not this is OK. It is, however, a spectrum: using cookies to collect anonymous Analytics data to improve the performance of the website is a very different thing to collecting information about individual browsing preferences and then using this to target advertising. The regulation says the response needs to be proportionate, whereas campaigners like the Open Rights Group are lobbying hard for even greater protection.

The ICO advice suggests that website owners should:

  1. Check what type of cookies you use and how you use them
  2. Decide how intrusive your use of cookies is
  3. Decide what solution to obtain consent will be best in your circumstances.

This last point – what solution is best – is tricky. At one point it was suggested that browser setting were the solution to this and browser suppliers, like Google and Firefox, would provide options to opt-in or out of certain settings with no need for individual websites to worry. Google Chrome and Mozilla have already created plug ins to allow you to opt out of behavioural advertising, but the current thinking is that this won’t be sufficient.

The ICO have suggested various technical options depending on the type of information you collect. So for example, if you are an ecommerce system you can embed the opt-in as part of the registration process. You can see how the ICO have addressed collecting Analytics type data on their website with an opt-in box in their header. Nasty, but effective?

What are we doing at Noisy Little Monkey?

Mmmm CookiesWhile the technical solutions are being worked out, we are going to eat biscuits and decide what information we need to collect, and then check with our techie mates at BisonGrid about coding the opt in on our new website. As we only collect Analytics data at the moment, this is a pretty tiny job.

We will also be watching the press to see how the regulations may impact some of our customers’ websites and what they may need to do to comply with the ICO advice. Of course it could all change before May, so watch this space!


With thanks to Lloyd Morgan for the mouthwatering cookie photo

Nicola Payne
Nicola Payne

Managing Director at Noisy Little Monkey, Nicola posts about Google Analytics and managing marketing teams.

Meet Nicola Payne

Monkey Mail 💌🍌

Get monthly digital marketing tips sent straight to your inbox.

Want to know what to expect before you subscribe? You can preview the monthly newsletter right here.

Don't worry - we won't EVER share your email with anyone. Even if they offer us a million quid. It says so in our privacy policy.
If you would like to offer us a million quid, email at once.