Now is the time to think about Cookies

The EU's Privacy and Communications Directive comes into force on 26 May 2012. The act requires user's consent before using cookies.

So what is a cookie?

At its simplest level a cookie is small text file which stores the name of the site and a unique reference for the user. It is usually date stamped so it will expire naturally if you don't revisit that site.

This type of cookie is used so that a website can recognise a returning user, so for example if you set specific accessibility settings the site will remember this. It is also used so that when you purchase an item on-line the site remembers your purchase when it reaches the checkout.

A cookie can also mean that a site administrator can tell how many new visitors they get and how many returning visitors. For some people this is where it gets scary and they are uncomfortable with organisations knowing their browsing habits and potentially being able to target marketing against the interests identified through your cookies.

There are a few different types of cookies:

• a session cookie that is removed when you close the browser
• a persistent cookie that will stay on your device for a fixed period of time
• First party cookies: set by the site you are visiting
• Third party cookies: set by sites linked to the site your visiting so for example the ads down the side of this page.

On the whole cookies are not harmful but they do allow businesses to track a users browsing activity. For example this site uses Google Analytics (GA). This means that a GA cookie is set and this allows the site to collect statistics on the number of new visitors, and the number of returning visitors. If the user does not accept cookies then each time they visit they would would be seen as a new visitor.

As a user of the internet, how annoying would it be if every site you visited had a popup that asked for permission to store a cookie? It is likely to reduce people's enjoyment and use of the web.

Users can turn cookies off. In Firefox click on Tools, Options, Security and then check the box that says that you don't want to be tracked.

In other browsers just type the name of the browser and the word cookie into a search engine and you will see a list of how to articles.  In some browsers you can have a setting to remove all cookies when you close the browser.

As a site owner the problem is bigger, browsers allow users to turn off cookies and so there will be some who try to suggest that they have given inferred consent because they have allowed cookies in the browser. This doesn't work because users must give informed consent and my guess is that many people don't know what a cookie is and that my short definitions will raise the blood pressure of many people who do.

As a website manager you have the standard options of

• Ignore the law - the chances of a charity being selected as the test case for a law targeting commercial abuse are low but then again I am not a legal expert
• Ask for permission: stick a pop up onto every page that asks can I store a cookie on your computer? My guess is that people will say No.
• Stop using Cookies: when the technology exists that will allow your site to function properly without cookies.

Just adding a statement to your privacy policy is not enough.

Finally, it is likely that some users will be happy for some types of cookies and not for others.

Click to download a copy of the guidelines for the new law

Email me your thoughts Pete@illuminateict.org.uk