When you visit most websites, mini data files known as ‘cookies’ will place information on your computer’s browser. When you next return to the site, they’ll retrieve it, using it to help improve your interaction with the site and give you a better overall user experience.

The Cookie Law is a piece of privacy legislation that requires website owners to make visitors aware when cookies are being used, and to get their consent to store and retrieve information. Beginning life as an EU Directive, it was later incorporated into law by all EU countries including the UK, where it’s covered by the Privacy and Electronic Communications Regulations.

Although it’s been in place for several years, there’s still a lot of confusion about the Cookie Law. It’s something we’re often asked about, and while our expertise lies in designing and building websites rather than the legislation they’re subject to, we wanted to set out our own understanding of what website owners need to do to ensure they’re compliant.

First though, let’s take a closer look at cookies and how they work.

Cookies are simple text files that are downloaded onto a visitor’s browser the first time they land on a new website. They enable the website to ‘remember’ information about them in between visits, and as they move from page to page.

Each time you visit a website, it will check your browser for cookies. If they’re detected, the information in the cookies will be retrieved and used to tailor your online experience – for example by presenting you with content about products or services you’ve expressed an interest in before, or by intuitively populating forms with personal information you’ve previously input to save you time.

While most of us are generally happy with cookies being used this way to make our lives easier, they are also utilised by some organisations to create behavioural profiles on individual users, collecting data across multiple sites, and using this information to target them with personalised advertising and promotional campaigns. It was to address this kind of intrusive activity that the Cookie Law was introduced.

What You Need to Do to Be Cookie Compliant

As a business, doing nothing is certainly not advisable. Although the regulating authority in the UK – the Information Commissioners’ Office (ICO) is primarily concerned with applying the law to larger organisations, it has real powers and can impose fines and penalties.

In addition to the legal aspects around the Cookie Law, consumers are becoming more aware of online privacy issues, which means that they’re increasingly likely to look for reassurance that any business they are dealing with online takes its privacy responsibilities seriously.

To comply with the Cookie Law, you need to do two things:

1. Carry out a cookie audit

You need to understand the cookies your site is using – and what they are doing.  The simplest way to check is to visit http://www.cookie-checker.com/ where you can carry out an online audit, and see all the cookies your site uses. Be aware that if your site is using any third-party plugins – like Google Analytics for example – these may be placing cookies on your visitors’ browsers without you realising it.

2. Create a Cookie Policy

Having identified all the cookies your site uses, you need to advise visitors how you’re using them. Having a Cookie Policy on your website that gives visitors full details about the cookies you’re using, and what you’re using them for, will ensure you obtain their informed consent.

WordPress doesn’t use cookies by default, so if you have a WordPress website, you don’t need a Cookie Policy – unless of course, visitors are logging into your site, or you’re using third-party plugins that use cookies, in which case you’ll require one.

If you want to be super cautious and have the full belt and braces, as well as a Cookie Policy, you could also select to have your website display a pop-up window advising visitors you’re using cookies, and requiring them to check a box to confirm their consent.

This option is generally used by larger organisations, and while the law is a little unclear, it’s generally not considered an essential requirement for small and medium sized businesses. So, if you fall into this category, an accurate, up to date Cookie Policy is all you need.

Be a smart cookie – make sure your website complies with the Cookie Law!

If you have a question about any aspect of website design or build, get in touch now by sending us a message or calling us on 0118 380 0131 for a chat.