Skip navigation.

ICT Management. > Legal Issues
Your Online Presence > Designing A Site
News & Events > Lasa Technology Events 2012

Data Protection Webinar: The New Cookie Law

By Lasa Information Systems Team

This article provides an overview of the webinar which Paul Ticher and Lasa ran looking at the implications for the third sector of the cookie law, the essence of which is that someone else must not store information on your computer without your prior informed consent.

Background

For general background to the webinar and the cookie law issue, see Paul Ticher's Data Protection Roundup April 2012

Presentation

The New Cookie Law
View more presentations from Lasa

(Please note that links to services that you may see at the end of this presentation are placed by Slideshare and are not endorsed by Lasa or Paul Ticher)

Webinar video

This recording of the second cookie law webinar run by Lasa and Paul Ticher can be watched on the embedded video above or on Vimeo in high definition.

Q&A

Questions raised by participants during the webinar and replies from Paul Ticher (PT):

Q - What is deemed 'strictly neccessary' in terms of cookies for functioning of a website?

PT - I think it has to mean something without which the website would be unable to deliver whatever the user is trying to obtain from the site or do on the site.

Q - How should you deal with third party cookies e.g. Google Analytics? Is it a possibility that after a rethink the IC will allow tracking for Analytics purposes only?

PT: These are covered by the rules, but the Information Commissioner is not going to take any precipitate enforcement action until they have worked out the best solution. A total exemption is unlikely.

Q - Where you say that the IC doesn't see the enforcement of analytics cookies as a priority - could you share the source please?

PT - See  this article on Out-Law.com.

Q - This all seems to presume that each user has one computer - yet many people access the web at community computer centres, where each computer will have a succession of users. Are we to suppose that this should apply only to logged-in users?

PT: There is some confusion in the legislation between the 'subscriber' who pays the bill, and the 'user'. Where a computer is used by lots of different people it could be the subscriber's decision, not the individual users'.

Q - A lot of community websites are done on things like wordpress, where people have no idea what's going on under the bonnet, and won't know if cookies are being used at all. Is there an easy way of finding out?

Participants made some useful comments on this:

A. You can see which cookies are set for a particular site in Firefox by left-clicking on the favicon in the address bar (the icon on the left of the URL)

A. Some info re self hosted Wordpress cookies.

A. Debate on wordpress cookies.

Q - So if you have a sign in link, are you suggesting we should mention cookies used?

PT - Yes, that's a good place to mention them.

Q - How will social networks (facebook/twitter) be affected? particularly for companies running pages on these sites and for gathering data on age groups/gender/location etc...

PT: Don't know. It might be the responsibility of the site, not the company/organisation, but this is unclear.

Q - Re: Facebook/ Twitter - as these are US sites will the cookie law be applicable? Or is it more about where the users are based?

PT: EU law rarely gets enforced in the US. It depends on the answer to the previous question. If it is the company/organisation that is responsible, the law would apply to anyone based in the UK.

Q -  Is this primarily about privacy (in which case it's irrelevant whether data is stored server-side or client-side) or storing data on user's computer (in which case any other methods of tracking users is fine)? What tracking are people concerned about?

PT: Things that are done in the background, without people's knowledge, and largely for the benefit of the site provider and its advertisers.

Q - By having a big box at the top of the screen like that how do you see it affecting things such as bounce rate/conversions on sites that are selling things?

PT: Quite likely. It remains to be seen which approach is found most effective and best all round.

Q - Are you aware of any plugins we can install on our websites to help with this law?

PT: There are some ready-made solutions. See Wolf Software and Social Media Charity - Solution to the EU Cookie Directive Problem with CivicUK for examples.


Q: Why do I see BBC cookies listed in Firefox when I haven't visited
their site?

PT: This would probably be a third party cookie. The BBC has a list of its cookies on
its web site - see the links at the bottom of the page (Privacy, cookies, etc). "The BBC uses a number of suppliers who also set cookies on the BBC website on its behalf in order to deliver the services that they are providing."

Q: Do you have any examples of good cookie statements in T&Cs?

PT: Try the BBC.

Q: Can you say something about e-bulletins - tracking links followed etc?

PT: If you use cookies to enable you to track responses, the best option - I think - must be to get permission for that as part of the sign-up process.

Q: Any good tips on tools to find which cookies are used on your site?
Preferably not one page at a time.

A: Cookiecert is useful for this

Q: Neither of the examples of cookie policies include a 'dismiss' or 'X' close box option. Shouldn't that be an option in terms of usability at the very least?

PT: I don't think it's necessarily a good idea, because the only way to make it apply to future visits would be to store a cookie - which you can't do.  But yes, in terms of removing unnecessary screen clutter.  (I have not looked into how the various solutions work in terms of accessibility.)

For information

Waitrose.com has quite a prominent link to their cookies policy at the top right of the page... but I haven't clicked through to see where else they might pop up.

Another tool that looks across a site is Optanon Audit which is a free download for Chrome. Looks to be a straightforward tool that covers cookies on all the different pages you explore. But there's a paid-for element to it, should you wish it to turn into a opt-in function declaring the relevant cookies.

Resources and examples

Further reading

Louise Brown has also blogged about the webinar. 


About the author

Lasa Information Systems Team
Lasa's Information Systems Team provides a range of services to third sector organisations including ICT Health Checks and consulting on the best application of technology in your organisation. Lasa IST maintains the knowledgebase. Follow us on Twitter @LasaICT

Glossary

Blog, Browser, Cookies, PDF, Software, URL, Web Site, Webinar, Website

Related articles

Published: 19th April 2012

Copyright © 2012 Lasa Information Systems Team

All rights reserved

User comments and discussion

If you have useful information to add to this article please Add a comment. Comments will appear after they have been moderated.

Discuss this topic in the Knowledgebase forums. This is a useful place to share knowledge, experiences, and ask questions.

Please sign in or register to be able to post a comment or discussion.

abamaison
23rd April 2012Another implementation example on the Go ON UK site http://www.go-on-uk.org/2012/04/19/about-us/

WilliamMortada
25th May 2012The Community IT Academy have provided this advice to organisations in the North East of England:

http://www.communityitacademy.org/news/154-is-your-website-ready-for-the-new-cookie-law

abamaison
28th May 2012Cookie law changed at 11th hour to introduce "implied consent" http://m.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent?cat=technology&type=article