Cookies and privacy in layman’s terms with 3 quick and cheap actions you should do now
A number of my customers have asked me to explain the new UK and EU cookie laws in layman’s terms, so here’s my best shot. I’ve also included a short list of actions you might want to consider taking to protect your business that won’t cost a great deal to implement.
Firstly, and most importantly, you need an understanding of what a cookie is in Internet terms. In essence it’s a small text file that a web site downloads to your computer when you go onto and surf through the site. The cookie goes into a cookie folder on your computer. If you have a look at this folder now you’ll be surprised at how many of these you already have on your system.
To get a view on how useful they are, you can delete ALL your cookies (under options in your browser) and see the effect on your browsing. You will need all your usernames handy, because when you ask a site to remember you, it does so with a cookie.
So why have the bureaucrats decided they are harmful? Here’s the problem: most cookies are harmless and are designed to make our lives easier. For example, if you are on a shopping site and are halfway through a purchase and a friend comes to the door, it’s likely that while you’re chatting your shopping cart session will time out. This means that when you get back to your computer you have to start again. If that site uses a cookie to tell your computer where you were in that process, then when you log back into your secure account the shopping process will take you back to where you left off. Pretty useful?
There are a few more common uses like your CMS, forms, and others, but let’s skip to the bad stuff.
Have you ever been online and shown an interest in something, perhaps looked at several products doing research, or started to make a purchase and decided against it? Then, as you are surfing about later, advertisements appear for exactly the products you are interested in, even days or weeks later? Coincidence? Of course not! This is done using tracking cookies, and these are the main perpetrators the new laws are trying to stop.
The legislation’s goal is well intended, but the problem is a difficult one to address, so they chose a sledgehammer to crack this particular nut, making useful cookies into demons and therefore penalising everyone for the sake of a few.
Ironically, if you look at the ICO website there is no “Reject” option. You can only “agree” to have cookies used, so what’s the point? We are all going to click on agree, if only to get rid of the stupid box or because we have no idea what a cookie is. It’s all a bit poorly thought through.
So what should you do? DON’T PANIC! Firstly, you have until April 2012. But here are 3 actions you should do as soon as you can:
- Consider which of these cookies are no threat to privacy and which are an intrusive threat to privacy. You will need a policy if you have cookies at the latter end of the scale.
- Read a copy of the ICO guidelines
The ICO are currently working with browser developers to see if functionality can be added to address this issue here. No action will be taken against any web sites until this route is complete.
If a complaint is received against your business you will need to show what you are doing to adhere to these new laws. Go back to points 1 to 3.
I would advise that all companies carry out points 1 to 3 at this stage but wait for a few months or so and see how the browser developers react. You should also find out what the developers of your website’s platform (WordPress, Adobe, DotNetNuke, etc.) are doing. There are already low-cost plugins for WordPress addressing this issue.
The penalty for breaking the Privacy and Electronic Communications Regulations is a fine of up to £500,000. These regulations also apply to unwanted email marketing, live and automated phone calls and texts.
This legislation is there to stop the bad guys. If you are adhering to ecommerce and distance marketing best practices, you have nothing to be concerned about.