shopify agency of the year

Aug 08,2011 Shopify API

Guide to Internet Cookies

If you are new to the internet then you could be forgiven for thinking that cookies are a type of delicious biscuit. If you're not new to the internet then you will be aware that on 26 May 2011, the rules and regulations regarding cookies changed and that website owners have had to become more proactive in explaining to users how their details are used and stored.

We have put together a quick guide to cookies that will explain everything that you need to know about the regulation changes and what you can do to stay on the right side of the ICO.

What is a cookie?

A cookie is a small file of letters and numbers that are downloaded to a device e.g. a computer or mobile phone when the user accesses certain websites. These cookies allow the website to recognise the user's device.

There is usually nothing sinister at all about this as cookies can perform many useful functions to the user.

When you access a website, your browser is requesting information from the website's server. The server issues the cookie file which is stored on your browser. The cookie file usually contains the alphanumerical details of the cookie, the name of the server that the cookie was sent from and the lifetime of the cookie.

Cookies usually expire within 30 days and the files are deleted from your browser's memory.

What has changed?

Before 26 May 2011, all a website owner had to do was state that cookies were used and that users could opt out. Most website owners would drop this information into their privacy policy.

Now, cookies can only be placed on a user's device with explicit consent. The only exception is when the use of cookies is “strictly necessary”.

The law has a very narrow interpretation of this so you may use cookies in an e-commerce website so that the user's browser remembers what is in their basket when they navigate from one page to another, however, you would not be able to store cookies that remember the types of products your customers were browsing.

What will happen if I haven't made any changes yet?

The changes were implemented months ago but it's understandable that some business owners are so busy that they wake up one morning and suddenly weeks have passed since they added something to their to-do list!

Fortunately, the government is taking a phased approach to implementing these new regulations.

If the Information Commissioner's Office (ICO) were to receive a complaint then they will work with website owners to make their websites compliant.  Whilst the ICO doesn't appear to have outlined how they intend to enforce these regulations, it is advisable to speak with your web design agency a.s.a.p. to find out exactly where you stand in relation to the new regulations.

How can I make my website compliant?

1. You could infer consent from a user's browser settings, however many browsers aren't sophisticated enough for you assume that consent is actively given. Some browser settings may allow some types of cookie but not others. This will be an option in the future but not something you can realistically rely on right now as the current ICO regulations don't allow it (watch this space for a predicted change though).

2. The ICO website (see the screenshot) has a banner at the top of the page asking users to accept cookies from their website. This is one method you can use to get consent, however, it can be distracting and intrusive for your website's design.

3. You could add your cookie information to your terms and conditions for when new users sign up to your website. Please note that you would need to alert existing users to these changes and you would need to send an email out or find another way to inform your users of how you use cookies.

There are loads of imaginative ways that you can make your website compliant with the changes. Whilst these changes have now been implemented, if a complaint hasn't been made about your website you can't assume that one won't be made in the future and so you don't have to do anything. If you are unsure about whether your website is compliant with the new regulations then speak to your web design company.

Disclaimer: We do not take any responsibility for how your website complies with laws or regulations, this information is general guide only.