• français
  • RSS
Impact - A Blog by INM

Understanding the New EU Cookie Law

June 11, 2012 by Andrea Simmons
Chocolate Chip Cookie

In late May, the European Union (EU) implemented a new law that requires UK-based websites to warn visitors if they use cookies on their sites. Cookies are used for many purposes, including storing information in shopping carts, delivering targeted advertising, remembering logins and other credentials, and for remembering preferences like text size or color schemes.

In essence, cookie technology helps organizations collect profile and preference information that allows them to deliver the personalized and more targeted experiences that consumers are expecting today. More than 60 percent of tracking data today is powered by cookie technology. While there are other technologies that allow for data collection and tracking, cookies are an easy option that many technologies still leverage.

Contrary to the reactionary coverage it has generated, this law does not state that cookies cannot be used; it only states that visitors must be informed of their use and must provide “consent”. For many organizations it is the definition of consent that is still fuzzy. Just a few days before the legislation compliance deadline, the UK’s Information Commissioner’s Office (ICO) updated its guidance on the law to allow for implied consent. This means that if the website or application discloses the use of cookies and the visitor continues with its use, the user’s consent is implied.

Consent form to allow cookies

US and Canadian companies with a presence in the EU are liable to these laws. So firms that have a dedicated page for the UK, Italy, France, Germany, etc… are required to disclose cookie use, but just for these EU-targeted pages, not for their full website. The same goes for firms pushing mobile applications out to international app stores (like the Apple App Store, Google Play or the Windows Phone Marketplace).

This law came into effect on May 26, 2012 more than one year after it was originally announced. But even with a year to prepare, very few organizations have implemented a change on their sites.

So far, the ICO is not targeting individual sites for compliance, they are focused on ensuring that the top 50 high profile organizations like Google, Facebook, AOL and Apple UK are onboard and poised to set a good example. The ICO has the power to fine organizations up to £ 500,000 but is not enforcing this for most companies yet.

If you have a UK presence for either a website or app, it is a good idea to look at this issue now and see how to work toward compliance.