If the first thing that came to mind when you read the title of this post was a tasty biscuit You should keep reading. Whether you are already responsible for a website or you're about to be, you need to know about the law in relation to Cookies. And all across Europe certainly already including the UK and Spain, governments have enacted legislation that obliges the owners of website to inform their visitors and obtain their consent for the use of cookies.
This measure, stems from a European directive designed to protect the privacy of users by informing them of the existence of Cookies and the possibility of accepting them or not.
For a start, What is a "cookie"?
All internet users encounter cookies, when you visit a website, that website can and most do, instruct the user's browser to store some data on their computer or mobile device and check for the presence of the data next time you visit. They are most often used to customise your experience - to remember your settings - for example which language you used the website in, the fact that you've used the website before etc. they can also be used for marketing purposes, for example tracking which products you looked at to work out which other products might be of interest or to suggest you add these products to your order when you check out. Probably the most common usage is for providing aggregated usage statistics in Google Analytics.
Should we be worried about cookies?
Like with all technologies, it depends who is using them and for what. Cookies themselves are useful both for website owners and for website visitors, cookies can be used abusively - for example to raise the price of an item such as a concert or airline ticket each time you visit to induce the sensation that you need to buy now because the price keeps going up! Or as in the examples we gave earlier, they can be used in a legitimate way to improve things for users and for website owners.
Types of Cookie
All cookies are not the same not all digital platforms use the same types, nor are all cookies necessarily regulated in the same way. Here are the classifications used in the European legislation, the lines between categories may not be open to some degree of interpretation:
- Technical Cooklies - Those that are of vital importance for a website to function, for example some websites store your online order as you add items to it, in a cookie
- Analytics Cookiess - Used for statistics gathering such as in Google Analytics
- Personalisation Cookies - Used to personalise content, like in the examples about language settings or previously visited products given above
- Advertising Cookiess - Used to improve the efficiency of advertising spaces. It was probably Google's use of cookies for remarketing (showing you adverts for products you already browsed) that drove the perceived need for legislation
So, who needs to comply with the legislation regarding cookies?
Basically, In Spain, all companies and freelance professionals must comply and the sanctions for non-compliance can be up to €150 000
And how should we comply correctly with the law?
There are various ways to appropriately inform visitors about cookies: a pop-up, a landing page, a very visible message in the header or footer of your website. In all cases, you should:
- Explain what a cookie is, what types of cookie your web uses and why
- Inform clearly and visibly about your cookie usage and policies. You should not require your visitors to scroll to see the first item that draws their attention to the use of cookies
- Ask clearly that users accept the use of cookies on your website
- Offer the necessary instructions in clear language so that, users can disable cookies in their browser if they wish
Prevention is better than cure
As you will have no doubt understood, the new legislation is pretty tough. If you have any doubts or questions about how to implement cookies or cookie compliance on your website do please contact an expert. It doesn't make sense to risk the reputation and image of your firm aside from the potential fines.
Funnily enough, generally, the acceptance of the use of cookies by the user is usually stored in a personalisation cookie so that they don't have to accept it every time they visit your website. Whilst the cookie legislation won't prevent unscrupulous website owners using cookies in bad ways, the legislation has certainly raised public awareness about cookies and as with all matters relating to online safety and security, user awareness and vigilance is the most effective means of keeping people safe.