As of the 26th of May 2012, the way you use cookies on your website will change.

The new EU law, commonly known as the EU Cookie Law, is now part of the UK’s Privacy and Electronic Communications Regulations. Considering the vast majority of websites use cookies, odds are you could be breaking the law if you don’t comply with the new regulations.

If you use analytics, including Google Analytics, to track website traffic and other information, this law does affect you.

What Is Changing

The EU Cookie Law doesn’t mean you have to stop using cookies.

Cookies are commonly used to store information on a visitor’s computer or other device for the website to access later, such as log in data and site personalisations. Websites often use them to track visits overall, per page, incoming links and link clicks.

For many, Google Analytics is the only way they can track their site’s performance. At the end of May, you’ll now be required to ask for a visitor’s consent before storing or retrieving information on the user’s device, such as a computer, smartphone or tablet.

Cookies can still be used, but you must have permission first.

How This Affects You

The problem with the EU Cookie Law is many visitors may not consent to the site’s use of cookies. Many believe they are an invasion of privacy. The entire purpose of the law is to give visitors more control over their privacy.

When it comes to analytics, it is impossible to gain a clear view of a site’s performance when the majority of visitors do not allow cookies. Essentially, it renders analytics useless.

However, you shouldn’t be too concerned if the only cookies you really use are for Google Analytics. As with any law, there are exceptions.

While it is still unclear whether analytics cookies are excluded, most experts agree site owners will be able to use them after the law goes into affect without first asking for permission.

The UK’s Government Digital Service is one of the many arguing that analytics cookies are minimally intrusive and essential to a website’s success.

You can check your own site’s cookie compliance at http://www.cookielaw.org/get-started-with-optanon.aspx.

Should You Change

For the time being, it is still safe to continue using Google Analytics as you’ve always done. Until the EU Cookie Law is clearer on what is and isn’t allowed, follow the GDS’s example and continue as you were. If you are using other types of cookies, your best bet is to ensure visitors are informed in as clear a manner as possible about the purpose of the cookie. A clear, concise explanation will help you get their consent.

Update

Since this article was written our advice has changed slightly (thanks in part to this article by Joel at JoJet). We still don’t believe that there’s anything to be worried about but for our clients that use Google Analytics we are recommending that they add a simple Terms & Conditions page or at least a line of text to their footer stating that the site uses Google Analytics and users should disable cookies in their browser if they don’t wish for their visit to be tracked.

For specific advice on this and any other legal issues regarding your website privacy please speak to James Lancaster of Lancaster Legal (telephone: 07855755362 email: james@lancasters-legal.co.uk)
Toggle

ICO on new Cookie Law: 'Don't expect torrent of enforcement action'

ICO may give organisations years to comply with EU cookie law

Cookies Regulations and the New EU Cookie Law - ICO

Toggle