- To track logged-on members, the cookie identifies your visitor and confirms that they have logged in, and are entitled to view a given page.
- To remember what visitors have looked at – allowing the site to maintain a back history (this might be ‘previously you viewed the following items’, keeping track of a shopping basket, or smart behaviour, such as only showing the introduction to a movie or animated display once).
- To track what users did on your site, possibly passing this information on to a third party. Whilst the information is ‘anonymous’ – the visitor is usually only identified by their IP address* – with enough linked sites a commercially useful profile of your visitors can be built up.
At CookandKaye we don’t use option 3 above, which is the one that is causing legal concern, unfortunately options 1 and 2 will also be caught by the proposed legislation. As a consequence, you may need to look at your existing web provision. Whilst prosecution is not imminent for any site, we recommend the following policies to cover this possibility:
With login forms: We recommend a comment to be added below the login form, to the effect:
To access this section of the site you must permit us to save a digital key on your computer called a cookie. This cookie will not be used to track your browsing history.
With shopping baskets: ICO says that if a cookie is essential to permit an activity, no consent need be obtained. In spite of this we recommend a comment to be added below the button to the effect:
To save an item to your shopping basket you must permit us to save a digital key on your computer called a cookie. This cookie will not be used to track your browsing history.
With smart sites: Here the problem is a lot more difficult to solve satisfactorily, as the objective is to help the site run smoothly, not pop up warnings that it is about to save cookies on your browser. Unfortunately these just look like you are trying to do something dodgy, and are likely to damage your relationship with the visitor, rather than match your intent of offering them a tailored service. ICO has not yet published its guidelines, so for the moment we suggest placing a note in your footers to the effect:
Cookies are used on this site to help personalise the browsing experience for you. No information about your browsing history is taken from them.
If you do acquire browsing history, you need to seek legal advice here!
We don’t think there is anyone in the web-design industry who supports the new legislation, which, paradoxically, may oblige us to capture more detailed traces of IP addresses, if not actually save cookies on visitors’ computers. In the UK there is some reluctance to introduce the legislation, and a sizeable breathing space is being allowed for us to get ourselves organised to meet its requirements. Unfortunately we have to live with it, and we need to start living with it now. If you need help implementing any of these guidelines on your site please contact us.
More information is available through the BBC – see article linked below:
Websites told to ensure cookies comply with UK law (includes a link to ICO’s current guidelines).
* More clearly private data – linking the IP address/browsing history to a person’s name or physical address, which you might be able to do after your visitor has logged in, is already restricted under the data protection act – there is a good review of this on the BCS website:
Data Protection Act 1998 overview
Cookie crumbs: Update August 2011