Do you run your own website and are you based in Europe? Are you using Google analytics or embedding any Google maps, Facebook “like” buttons, YouTube videos on the pages?
If so, by Friday you may well be breaking the law and could be held liable!
That’s right folks! For those who haven’t heard already – it is now compulsory to let people know you are setting cookies on your web-pages and they have to agree to “opt in” rather than the “opt out” (as has been the case until now). That is unless they are deemed “absolutely essential”. Sadly – none of the above will qualify as “essential”.
Scared? Well you’ve all had a year to patch. No – I didn’t hear about it until recently either. Naturally many people are now running around like headless chickens!
Unlike a rather unhelpful talk I went to on the subject recently, I will at least try and point worried folk towards “some” direction. Disclaimer: please note I am only pointing, I am not a legal professional. It is ultimately your responsibility to decide how you should proceed:
- Firstly, show the ICO you are taking things seriously by producing a cookie audit (if you haven’t already). Browsers themselves tend to list the cookies, but there are some free tools out there which can also help. Do not pay for these tools, some people are charging! Here is a free example of a plug-in for Chrome which you could use. There are no doubt many others out there also.
- Next write a privacy statement which contains the cookie audit as part of it. Make it easy for non-technical people to read. Explain all cookies you set, where you use them, what you use the cookies for. Make the link obvious and ideally appear on all pages (perhaps in a header/footer).
- If possible look for a pre-existing script to do some of the hard work for you (this is just one, if it is helpful buy this chap a beer!)
- There are lots of other useful sites out there – such as this one. If you haven’t already: Go! Research!
I’ll end by saying I find a lot of this daft. So much so, that the people who are enforcing it (the ICO), set a cookie when you say “I don’t want cookies” but “I want you to remember that I don’t want cookies”. Completely barmy! I believe it makes more sense to force compliance at the browsers application end, rather than stressing so many web-developers out of their minds unnecessarily! Now what was that well-known saying about what “the law is” again?