The Noisy Little Monkey Blog

Implementing the Cookie Law: Headline Actions

Posted in regulation, Posted in SEO, Posted in News by Nicola Payne on 28-May-2012 14:07:11

Here's the headline guide on what to do about the changes to the EU Privacy Directive.

One: Read the ICO Guidance

The new guidance discusses many of the concerns that there have been about implementing the cookie law and takes a pragmatic approach. It explains implied consent and provides a number of examples of how to gain opt-in. The general tone is don't panic, but don't be complacent either.

Two: Do a cookie audit

There is absolutely no reason not to audit your site. Cookie audit tools are free and depending on what you find and the importance of compliance to your brand values, you can decide whether or not you need specialist help. The Cookie Collective has a great audit tool.

Three: Think about what the audit tells you

Do you know what information your website is collecting and how you use it? Look at the audit results and decide if you really need all the information you collect. Plug ins and web tools might be collecting all sorts of data you didn’t know about.

Ask your webdesign company to explain the audit results, or simply Google the codes and you’ll find out what they do pretty quickly.

Four: Publish information on your website

The ICO guidance emphasises the importance of educating users in what is happening when they browse your site so they can make an informed decision. This means drawing attention to the information about cookies, explaining what your cookies do and telling visitors how they can opt out.

Have a look at how trusted brands or government sites like the ones below do it and copy them. AboutCookies.org is an excellent resource about how to delete and control cookies; it’s provided by the legal firm Pinsent Masons and is a resource linked to to by lots of Government sites.

If you have a content management system then adding information is straightforward. Even if you need a web design company to add the page, there are enough resources available online for even the most non-technical website owners to audit their site's cookies, find out what they are being used for and draft an updated privacy policy. If you know you are using category 4 cookies, consider getting expert advice.

Five: Decide how to implement consent

Based on the type of cookies you have on your site and the ICO guidance, decide whether it is important to implement an opt-in on your website. For many sites this isn't strictly necessary as long as you have provided clear information and given users the tools to opt out of the cookies on your website. If you have lots of cookies that tailor the user experience then there are various neat solutions to gain consent to use of the cookies.

Be inspired by the way the big boys are dealing with it:

  • BBC: use a banner to ask for consent but in a very low key way
  • Department for Business, Innovation & Skills: don't have an opt-in, but do have a banner directing you to their cookie policy
  • John Lewis: don't ask for consent to use cookies nor use a banner, but do have a box in the left hand menu directing you to the information on the cookies they use
  • BT: this opt-in was one of first to be implemented. It uses ICC definitions and makes it easy to change cookie settings. This is a highly tailored site developed for a non-expert audience. It uses lots of cookies, and BT has invested in easy to understand explanations and ease of use
  • Birmingham Children's Hospital: this is a neat opt-in solution developed by CIVIC. In the light of the latest ICO guidance it is perhaps a bit over spec-ed for some sites, but is free to use.

In addition to these five actions, we think there are four key questions you should also consider in thinking about how to implement the cookie law.

Good luck!

Tags: regulation, SEO, News

Nicola Payne

Nicola Payne

Managing Director at Noisy Little Monkey, Nicola posts about Google Analytics and managing marketing teams.