Back to Fluid Thinking
What the EU Cookie Law Means for Your Website
Image Credit: Google
On 26th May 2012, the “new” EU Cookie Law will finally be enforced in the UK. The law was first brought into power across the EU last year on 26th May 2011. However, enforcement was delayed for a year to give UK businesses time to fully comply with the rules and regulations set out by the legislation.
So, what is this law?
Why does this apply to me?
Anyone based in the EU and currently running a website on which cookies are utilised has to comply with the regulations set out by the new law. This comes down to either stopping the usage of cookies altogether or asking users for their permission for cookies to be used, also explaining what cookies are being used and why.
First things first…
The first thing you need to do is to run a cookie audit to find out just what cookies your website uses. A couple of useful tools we’ve found during our research include:
- Attacat Cookie Audit Tool – Google Chrome plugin – http://www.attacat.co.uk/resources/cookies
- The Cookie Collective – Optanon – Google Chrome plugin – http://www.cookielaw.org/get-started-with-optanon.aspx
Once you’ve found what cookies are present on your website, you need to categorise them. There appear to be four types of cookies – essential (strictly necessary) cookies, performance cookies, functionality cookies and targeting or advertising cookies. Although cookies that are essential to the running of your website don’t have to be consented to, it is still a requirement that you explicitly explain what these cookies are and why they are used.
There is a useful guide from the ICC that explains more about categorising cookies and what each category means.
Okay, I’ve categorised my cookies – what now?
You have two options here: enabling cookies by default and giving the user a way to opt-out or asking the user’s permission before enabling cookies. The advantage of the first option is that you don’t have to turn off cookies by default as you’re assuming the user will be okay with it – though you still give them an opt-out if they don’t want the cookies to be used. This then means that you won’t automatically lose the statistics you might gain, for example, via analytics.
Once you’ve decided on the approach you want to take, you then need to decide on a consent mechanism to use. This will be the way that you tell the user about the cookies you use and how to consent or opt-out.
The three most popular types of content mechanism are a notification bar, a modal overlay and a pop-up overlay box.
The first is a bar at the top of the page that overlays the content and gives brief information about the cookies on your website, with a link to more detailed privacy information on the cookies. There is usually a checkbox that the user has to tick to approve cookie use on the website.
The modal overlay follows the same structure; however, it could be described as being a little more intrusive as the idea is to completely overlay the content on the website upon first load.
The pop-up overlay box should follow the same style as the modal overlay, though it is less intrusive as it generally just overlays a certain area of the page (such as a corner).
The idea behind these mechanisms is to be intrusive and disrupt the flow of the website so that they get the user’s attention, but to ensure that you educate the user and try and gain their permission to use the cookies rather than scare them away.
A couple of useful solutions we’ve found for consent mechanisms include:
- CookieCuttr – a WordPress plugin that offers configurable messages and adds a notification bar to the top of your website – http://cookiecuttr.com/wordpress-plugin/ (£5+VAT)
Good examples of cookie consent mechanisms
Let’s end with some good examples of cookie consent mechanisms across the web:
- Silktide – www.silktide.com
Silktide also released an eBook explaining the cookie law and what we can do to tackle it. Their consent mechanism is good as it allows you to choose between the types of cookies you would allow to be used – you can choose all, one or none of the types of cookies.
- BT – www.bt.com
BT has a modal overlay that simply pops up in the corner of the screen instead of overlaying all of the content. BT have gone for the option of allowing all cookies and then letting the user decide what cookies they would like to turn off. What is really great about BT’s consent mechanism is the way that you can change what cookies are used. Not only is it visually lovely, but it makes it really easy for a user to see what types of cookies are used and where, as well as seeing what cookies are turned off depending on the level of “cover” a visitor decides to opt for.
- The Guardian – http://www.guardian.co.uk/technology/2012/apr/13/new-law-cookies-affect-internet-browsing
The Guardian currently use an image overlay on a specific cookie-related article to explain what cookies are used, where they are used and why they are used. This is an interesting approach as it shows the user directly what cookies are used and what they relate to.
There are many resources available regarding the cookie law, and those listed above are by no means an absolute guide, but they should give you a clearer idea of what the cookie law entails and how you can try and find a suitable solution for your own website.