Here's the headline guide on what to do about the changes to the EU Privacy Directive.
One: Read the ICO Guidance
The new guidance discusses many of the concerns that there have been about implementing the cookie law and takes a pragmatic approach. It explains implied consent and provides a number of examples of how to gain opt-in. The general tone is don't panic, but don't be complacent either.
Two: Do a cookie audit
There is absolutely no reason not to audit your site. Cookie audit tools are free and, depending on what you find and the importance of compliance to your brand values, you can decide whether or not you need specialist help. The Cookie Collective has a great audit tool.
Three: Think about what the audit tells you
Do you know what information your website is collecting and how you use it? Look at the audit results and decide if you really need all the information you collect. Plug-ins and web tools might be collecting all sorts of data you didn’t know about.
Ask your web design company to explain the audit results, or simply Google the codes and you’ll find out what they do pretty quickly.
Four: Publish information on your website
The ICO guidance emphasises the importance of educating users about what is happening when they browse your site so they can make an informed decision. This means drawing attention to the information about cookies, explaining what your cookies do and telling visitors how they can opt out.
Have a look at how trusted brands or government sites like the ones below do it and copy them. AboutCookies.org is an excellent resource about how to delete and control cookies; it’s provided by the legal firm Pinsent Masons and is linked to by lots of Government sites.
Five: Decide how to implement consent
Based on the type of cookies you have on your site and the ICO guidance, decide whether it is important to implement an opt-in on your website. For many sites this isn't strictly necessary as long as you have provided clear information and given users the tools to opt out of the cookies on your website. If you have lots of cookies that tailor the user experience, then there are various neat solutions for gaining consent to the use of those cookies.
Be inspired by the way the big boys are dealing with it:
- BBC: uses a banner to ask for consent, but in a very low-key way
- BT: this opt-in was one of the first to be implemented. It uses ICC definitions and makes it easy to change cookie settings. This is a highly tailored site developed for a non-expert audience. It uses lots of cookies, and BT has invested in easy-to-understand explanations and ease of use
- Birmingham Children's Hospital: this is a neat opt-in solution developed by CIVIC. In the light of the latest ICO guidance it is perhaps a bit over-specced for some sites, but is free to use.
In addition to these five actions, we think there are four key questions you should also consider in thinking about how to implement the cookie law.