I wrote last month on the farce that is the new cookie law for websites. Since then, there has finally been some clarity on what it actually all means for people running websites.
As this very useful article points out, the advice has not – unsurprisingly – come from the ICO – the official body responsible for overseeing the cock-up new regulations, but from a business organisation, the International Chambers of Commerce.
Its well worth reading the articles above and downloading the advice from the ICC, but in a nutshell here are some of the things that are now a lot clearer.
For most cookies on your site, all you will need to do is make sure that you include information on your cookies in your privacy information and terms and conditions.
Thankfully, this covers things like essential analytics tracking and many e-commerce functions that require cookies.
So far so good.
However, there is one category of cookies that will still require you to explicitly ask users to consent to – targeting and advertising cookies. And here it gets a bit confusing.
Its not explicitly clear who is responsible for asking permission to instal these. Is it your website or the advertiser?
And how does this apply to social media plug-ins, like buttons, social share etc? Online engagement is about your content across all platforms, not just your website, so anything that impacts the ability for users to easily share and engage with your content on their preferred platforms could have a significant effect on your web strategy. But who knows what’s going on with this? If the ICO do, they’re not telling anyone.
That fact is – that is still unclear.
It remains farcical that the ICO are unable to give any clarity on this law, and that it has taken a third party to produce a relatively coherent guide.
The ICO have “welcomed” the guide but not said it is correct, or contradicted any of it.
So there is still a considerable lack of clarity around this law, and my advice would remain the same. It is practically unenforceable and my personal approach would be to wait and see before doing anything other than adding information to terms and conditions.
The worst thing about this law, and how it has been implemented, is that lack of information and clarity – and a seeming lack of understanding in the ICO – is causing confusion and worry and, frankly, wasting everyone’s time.
The law will achieve nothing – the bad boys will continue to track you as much as they like while the law-abiding majority are inconvenienced or simply confused.
A word of advice to anyone in government responsible for implementing laws that have anything to do with the net – you don’t know what you are doing, so talk to people who do before you touch anything you might break. The ICC would be a good start.