We use cookies to ensure that we provide you with the best experience on our site. To learn more about how they are used please view our Cookie Policy.
If you continue to browse our website we will assume that you are happy to receive cookies. However, click here if you would like to change your cookie settings. [X]


Cookie law part 3: next steps

29 February, 2012 - Source: Bray Leino

Bray Leino Yucca's Jemma Watkins presents our third blog on EU cookie law.

The legislation deadline for the new EU cookie law is looming mere months away. Here are six straightforward steps you should take now to ensure you're moving towards compliance by 26th May.

1. Run a cookie audit
Review all the cookies you currently use on your website. Which ones will be deemed essential and thus exempt from the cookie legislation? Are there any you don’t require any more? See this as an opportunity to clean up your cookies. Review what the non-essential cookies are doing for you and how you will explain this to your users.

2. Assess the intrusiveness of your cookies
Following on from the audit, assess whether any of your cookies could be deemed as intrusive, such as remarketing cookies or cookies that track your habits across the web. The guidelines around “intrusive” cookies are a bit vague as it’s such as subjective issue, but essentially the more intrusive it is the more carefully you should spell out its existence and the way it is used to your web users.

Of course, if these aren’t absolutely necessary to your website’s operation you may wish to remove these entirely.

3. Check your privacy policy
Does your website’s current privacy policy outline how you use cookies and for what use? Revise it to outline this clearly so that users can make informed decisions on whether to opt in to use cookies, or consider creating a separate cookie policy if you’d prefer.

4. Check contracts and define responsibilities with agencies/internal teams
Who will be responsible for implementing any changes to your cookie usage, your privacy policy and your request for user consent? Define roles and responsibilities with your internal team and/or agency. Whether you are client-side or agency-side, consider including these definitions in your contracts for clarity.

5. Discuss the best options for informing users and gaining consent
What will work best for your website’s users to inform them of the upcoming changes and to request their consent – an overlay? Changing the website’s home page? Emailing all registered users? Writing a blog about it? All of the above? Talk to your agency to work out what options are best for you.

Remember, you’ll need to ask for explicit consent from users to store cookies on their machines, so you might want to look at ways you can encourage users to give consent, such as offering access to specific or exclusive content in return for opting in.

6. Create your cookie compliance plan
Once you’ve audited your cookies, defined responsibilities and worked out how you will ask for consent draw up a detailed plan, including a timeline of activity showing what you intend to complete and by when. Include any barriers to compliance, such as costs or technical issues.

That way, if the compliance police come a knocking, you can use the plan prove that you are working towards being on the right side of the cookie law.

Thanks to Andrew Tibber at Burges Salmon for his legal insight into this issue.

Your session will expire in xx.xx
Continue or Log Out