Off To See My Lawyer

Posts Tagged ‘cookies’

Beware of the cookie monsters!

Monday, May 21st, 2012

On 26th May 2011 the new EU Cookie law came into force. It applies to all website operators who use “cookies” to track their visitors’ movements and choices around their site. Sadly these are not the edible variety, otherwise there wouldn’t be such a fuss! A cookie is a small file of letters and numbers downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognise a user’s device, such as a mobile or computer, and will assist with logins or enhancing the shopping experience. Say you go to Amazon and browse books on travel to Eastern Europe. A cookie will ensure that next time you visit their site, titles are suggested to you on exactly that subject. Think of a cookie as a little piece of memory.

Beware of the new cookie laws!


The previous rule on using cookies for storing information was that you had to:

  • tell people how you used cookies, and
  • tell them how they could ‘opt out’ if they objected.

Many websites did this by putting information about cookies in their privacy policies and giving people the possibility of ‘opting out’. So cookies basically kicked in automatically unless you objected.

The new law requires website operators to make sure they have their visitors’ “informed consent” for the use of cookies. This must be in place before 26th May 2012. The changes aim to give users more choice and control over what information businesses and other organisations store on their computers and how they track users.

What should you do now?

  1. Establish what cookies, if any, you have on your website. You may have had the site developed for you and so you need to ask your website developer what cookies they used. See the checklist below for what you need to identify.
  2. If you do have cookies, decide which ones are essential for your visitors’ use of your site. For example, a cookie that tracks what a customer puts in their shopping basket would be considered essential and therefore may not need the customer’s express consent. A non-essential cookie that tracks that the customer had a good browse in home furnishings before going to children’s wear, on the other hand, may be considered intrusive and therefore require express consent.
  3. Draw up a plan that shows that you are addressing the use of cookies and that you are putting into place a procedure to comply with the new law. This will be important if the ICO does come after you.
  4. Establish how you will get a visitor’s consent to the use of cookies. One option would be to have a pop-up box that alerts users to cookies and asks them to agree. Alternatively, the ICO have said that getting users to agree to your Terms of Use/Privacy Policy would also work. However, instead of just displaying them as a link on your website, you would need to get users to tick a box indicating their express acceptance of them, or draw attention to the terms, e.g. by adding NEW next to them or re-naming your Privacy Policy as ‘Privacy and cookie policy’.
  5. Check that your Privacy Policy spells out exactly what information is being collected by cookies. The bottom line is that you need to be upfront with users about how your website operates. Our ‘oven-ready’ Privacy Policy template can help you do this.

Checklist for cookie audit

  • Cookie ID: ID of the cookie as it appears in the browser cache.
  • Cookie name: label of the cookie.
  • Cookie type: “session” or “persistent”. Session cookies remain on a device only for the duration of a website visitor’s visit, whereas persistent cookies remain on the device even after the session ends so that when a user returns to a site, he/she will be remembered.
  • Cookie life: if persistent, how long does the cookie last?
  • Cookie owner: first party or third party, i.e. has it been placed by the website owner or by a third party with whom the website owner has linked up?
  • Source domain: domain that the cookie is associated with.
  • Data collected: type of data each cookie collects and whether it links to other information held about users.
  • Purpose: what the cookie is used for.
  • Any tracking? Does the cookie allow tracking across a number of websites?
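
As an added illustration (not part of the original post), the Python sketch below fills in the mechanical columns of this checklist (name, type, life, owner, source domain) from the `Set-Cookie` headers a site sends. The hosts, header values and audit date are constructed samples, and the first/third-party test is a simplified suffix match on an assumed site domain; purpose, data collected and tracking still need a human answer.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def audit_cookie(set_cookie, response_host, site_domain, now):
    """Turn one Set-Cookie header into a row of the audit checklist."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    # Max-Age wins over Expires (RFC 6265); with neither it is a session cookie.
    life_days = None
    if "max-age" in attrs:
        life_days = int(attrs["max-age"]) / 86400
    elif "expires" in attrs:
        delta = parsedate_to_datetime(attrs["expires"]) - now
        life_days = delta.total_seconds() / 86400

    # Without a Domain attribute the cookie belongs to the host that set it.
    domain = (attrs.get("domain") or response_host).lstrip(".").lower()
    # Simplified ownership test (assumption): suffix match on the site's domain.
    first_party = domain == site_domain or domain.endswith("." + site_domain)

    return {
        "name": name,
        "type": "session" if life_days is None else "persistent",
        "life_days": None if life_days is None else round(life_days, 1),
        "owner": "first party" if first_party else "third party",
        "source_domain": domain,
        "purpose": None,  # cannot be derived from headers; filled in by the reviewer
    }

# Constructed sample: (host that sent the response, Set-Cookie header value).
OBSERVED = [
    ("www.shop.example", "basket=abc123; Path=/; HttpOnly"),
    ("www.shop.example", "prefs=lang-en; Domain=.shop.example; Max-Age=31536000"),
    ("ads.tracker.example",
     "uid=77f0; Domain=tracker.example; Expires=Tue, 21 May 2013 00:00:00 GMT"),
]

def build_inventory(observed, site_domain, now):
    return [audit_cookie(h, host, site_domain, now) for host, h in observed]

if __name__ == "__main__":
    audit_date = datetime(2012, 5, 21, tzinfo=timezone.utc)  # constructed audit date
    for row in build_inventory(OBSERVED, "shop.example", audit_date):
        print(row)
```

Persistent third-party rows are the ones to look at first when deciding which cookies need express consent.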

So in this ever-increasing age of Big Brother and seemingly unfettered trend towards monitoring all of our movements, I believe this law is a move in the right direction. It shows that not everything we do in the e-commerce space needs to be recorded or tracked. We should be free to shop as we please. Just imagine if there were cookie-type robots in real life that stepped out as we entered a shop. I have visions of a middle aged man entering a department store with his stout, middle aged wife and the robot exclaiming: “Ah, Mr Brown! Welcome back! I know last time you visited our shop, you spent half an hour in the lingerie department. Would you like me to take you straight there this time? We still have that little size 8 leopard skin number you liked.” Could lead to all sorts of interesting conversations with his wife ….

EU Regulation on “cookies” to be more strictly enforced in May 2012

Tuesday, April 10th, 2012

Prior to May 2011, the owners of UK websites were legally permitted to set up a system whereby small data files called “cookies” could be automatically installed onto the hard drive of the computers of any visitors (to the website).  These cookies record the on-line browsing activities of the visitor – both for the essential purpose of facilitating certain transactions (such as the sale of a product), and for the less essential purpose of targeted advertising.

On 25 May 2011, however, the UK implemented new EU Regulations which essentially require the consent of the consumer/website user before a cookie is installed on his/her computer. The Regulations recognise the fact that certain information needs to be retained in order for an on-line transaction to take place. Therefore they qualify the rule by applying it to any personal information which is not “strictly necessary”.

The UK authorities allowed for a 12-month “grace period” which is due to end on 26 May 2012, which means that a breach of the new law could mean a monetary penalty – and in some cases even a criminal prosecution, if deemed serious.

Of course, Off To See My Lawyer adapted its template Privacy Policy in time for 25 May 2011, and we have been advising our clients accordingly – so existing clients need not be concerned about the end of the 12-month “grace period”.  For any prospective clients, however, please contact Jo Tall at for advice on how to comply with this E-privacy law.

Follow this link for great, straightforward advice on cookies!

Monday, June 20th, 2011