Cookies: be an early adopter or wait-and-see?

The Privacy and Electronic Communications (EC Directive) Regulations 2003 has a large focus on the use of cookies, which could affect many of Public Life’s clients.  As the new legislation’s grace period ended on Sunday 27th May, many organisations will be wondering how best to comply with the rules.

What’s a cookie?

A cookie is a simple text file that is stored on your computer or mobile by a website that you have visited. The cookie allows the website to remember things like your browsing preferences, your login details (to save you having to enter them repeatedly), or what’s in your shopping basket. So far, so useful.

The problem is, that cookies can potentially be used to collect and utlize personal details without people’s knowledge or consent. This would be an invasion of their online privacy.

The new legislation requires websites to obtain consent from visitors to store or retrieve any information on a computer or other web-connected device, like a smartphone or tablet. It has been designed to protect online privacy by making consumers aware of how information about them is collected by websites, and enabling them to choose whether or not they want it to happen.

If you’d like more information, take a look at this detailed guide to cookies: http://www.allaboutcookies.org/

So as a web manager who potentially wants to use cookies, what should you do?

Keep an eye on the early adopters

Charities are seldom going to be the leaders in implementing a new piece of legislation such as this, so there may be some merit in waiting to see what some of the countries leading online brands do and to follow their lead. The BBC and The Guardian have now introduced a bar at the top of the page or a pop-up for new users to their sites, which states that they use cookies, and by clicking a ‘Continue’ or ‘Accept’ button, or continuing to browse the site, users automatically consent to their use. They also have a link offering further information and ways to control the settings.

This approach adheres closely to the legislation, which gives users a clear and simple disclaimer, and offers them the option to find out more. Increasing consumer understanding of cookies is one of the main goals, so this approach helps to do this.

Over time the need for such explicit measures will become less needed as websites and technoloigies are updated, and users become more aware of their ability to manage the use of cookies via their browser settings.

So should you do this?

If you are a large charity with a high volume of traffic, it is probably advisable to implement a dislaimer like the BBC version. Small and medium sized charities may want to wait a bit to see whether quick and easy tools become available. The advantage of a popular open source CMS platforms such as WordPress is that the development community will very likely develop some plugins soons soon that offer a quick and simple solution. So a short wait could pay off.

That said, the disadvantage of the BBC’s approach is that it is quite ‘in your face’ on an issue many people may not wish to engage with. So there may be a risk that this approach could scare away potential customers.

A simple and less visible alternative is to add a new navigation link along the lines of ‘Privacy & cookies’ to your website’s main navigation. This link would direct usersto a page that outlines which cookies are used on their site, why, and their options in managing them. The approach has been adopted by some large charities, such as Oxfam and the online retailer John Lewis.

To be fair, this simple approach is less in the spirit of the legislation, but it’s worth considering that many charities use of cookies is fairly limited way, so a simple link to move information is probably adequate – this appraoch is also a lot cheaper to do.

Many organisations may simply wish to wait to see how their immediate competitors and organisations in the shared space choose to proceed before taking any action at all online.

The Information Commissioner’s Office (IOC) has already said that it won’t actively investigate sites unless complaints are made so effectively there is no immediate rush to make changes. That said, the changes will need to be made at some point, so it’s worth giving some thought to how you might tackle them and undertaking a simple audit of the cookies in use on your website to make sure you’re prepared.

Next steps

So the most simple solution is to take these steps:

1. Audit the cookies on your site
2. Develop this into a simple policy and write a page on it
3. Add a link to your utility navigation highlighting the new policy.

This approach can be achieved through your CMS without the need for any additional investment, design or development, although you may need to ask your developer to spend some time auditing the cookies used on your site.

If over time it becomes clear that the norm is to implement a pop-up on the homepage of the website, then this can be built into the next phase of your website’s development. If you’d like some assistance with developing your approach to managing cookies on your site, we’re also happy to offer a cookie support service, so please get in touch for a quote.