Following our very recent update on the EU’s cookie directive (due to come into force this May), I see that the debate is far from over as to what we should be doing, which is more than a little confusing.
A rather interesting econsultancy blog, asks whether the UK government might be crumbling about the issue. As the post says, the Government’ own Digital Service (GDS) sees web analytics as being ‘essential to the effective operation of government websites’, something which is most effectively achieved ‘at present [by] the setting of cookies’. The GDS points out that web analytics cookies are ‘minimally intrusive’ and ‘tends to be controlled by the first-party’. And it concludes with a statement in the Information Commissioner’s Guidance, which states:
Provided clear information is given about their activities we are unlikely to prioritise first-party cookies used only for analytical purposes in any consideration of regulatory action.
That is, it makes it sound as though anybody using first-party cookies for analytics is unlikely to be prosecuted, an opinion which has led the GDS to decide not to change to opt-in, despite the directive requiring this.
The post has led to significant comment and discussion, which makes very interesting reading. Opinions vary as to how (un)wise the GDS is to admit to this, whether business could follow suit, whether the GDS has insider knowledge, whether we should now be delaying before responding to the directive etc etc.
I found myself fascinated by the debate – but in the end, what I most want to know is what we should actually do. And reading through, I found the following short list in a comment by Alisdair Wightman, Digital Analyst at So What Analytic. I think this makes really good sense:
- Carry out a thorough audit of your site so you know exactly what tracking functionality you use there, not just cookies.
- Make opting out – and the implications of doing so - as easy as possible for site visitors.
- Be prepared that implementation may get stricter at some stage, forcing you to get site visitors to opt in (which is what the directive actually says). Make sure you are ready for this by having a credible technical solution ready, along with a detailed plan showing how you are going to handle the change to opt-in.
Finally, as always, please be aware that we aren’t lawyers – so this is only our thinking and shouldn’t be sees as a substitute for legal advice.
- EU cookie law: UK government crumbles? http://econsultancy.com/uk/blog/9416-eu-cookie-law-uk-government-crumbles?utm_medium=email&utm_source=daily_pulse