Be sure your website is cookie compliant and you’re adhering to the law!

The law on cookies actually changed back in May 2011 but the Information Commissioners Office had given a 1 year “grace period” and that period expired on the 26th May 2012 but many websites are still not fully compliant.

The compliance requirement means website owners must inform and seek the consent of website visitors as to the type of information stored or retrieved on a computer or other web connected devise so that they can choose whether or not they want that information to be stored or retrieved.

If you own a website or you are a Company who has designed and developed a website you must consider the requirements of the Regulations. Whilst you may not have complied with the Regulations to date you need to ensure your website is compliant and that any development of new software, or upgrades are compliant. Many sites dont use cookies but do be aware that google analytic codes are classed as cookies and most sites do have this in place.

What do you need to do to comply: You will not store or gain access to information stored, in the terminal equipment of the subscriber or user unless the following requirements are met;

The subscriber or user of that terminal equipment

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information and;

(b) have given his or her consent.

The requirement therefore is for the provision of clear information about the cookies i.e. telling people that there are cookies, what those cookies are doing and to obtain consent from the user or subscriber to store a cookie on their devise.

Consent must be valid and well informed.

Websites therefore need to carry out an audit as soon as is practicable to look at the type of cookies used, how intrusive the use of the cookie is and what is the best way of obtaining consent.

The Information Commissioners Office have guidance on complying with the Regulations but the best guidance is to take practical steps to comply and the first step is to carry out an audit.

Seek out The Privacy and Electronic Communications (EC Directed) Regulations 2003 for full details.