Skip to Content

The author

Epiphany Search

This week marked a sizeable change in privacy laws in the UK. As of today, the law covering UK websites was due to change to ensure website users have more control over the data a website gathers about them. The ICO announced yesterday that this law will be delayed for one year allowing websites and businesses to come up with a workable solution to how cookies should be handled. This decision will be welcomed by pretty much every online business, analytics provider and marketing provider across the UK. Although delayed, this law is not going away; the EU and the ICO are pushing for website owners to educate customers and allow them to make their own choice on what data you can capture from them.

The current law states that users must be able to opt-out of cookies being set on their devices. This is due to completely reverse as the new law states that cookies can only be set on a user's device once they have given their consent. The Information Commissioner's Office (the body charged with regulating this new law) only recently issued its guidance on the situation. With the release of the guidelines, the ICO said they were not expecting every UK website to be 100% compliant from day one, and realise it would take a long time before businesses were able to implement changes to their website. We at Epiphany have yet to see a workable solution that doesn’t damage a user’s experience or completely kill any web reporting tools and it looks as if the ICO have finally realised this releasing a statement communications minister Ed Vaizey said: “We recognise that some website users have real concerns around online privacy but also recognise that cookies play a key role in the smooth running of the internet. But it will take some time for workable technical solutions to be developed, evaluated and rolled out so we have decided that a phased in approach is right”. So, although this law does not come into force until next year, we still believe businesses need to consider what they can be doing in preparation for next year. Here are our tips to moving toward compliance with the law. These are recommended as an interim until workable online solutions are developed:

Tip #1: Update Your Privacy Policy

Privacy policies should include: •        What types of cookies are being set •        How they are used •        Who they are shared with •        How a consumer should manage them

Tip #2: Audit All Cookies & Tracking

Ensure you have a document available which lists:

  • Each of the cookies set on your website
  • What the purpose of that cookie is,
  • What information it records,
  • What other parties access it (if any)
  • How that information is used.

There’s no reason to not implement these in the near future. Once you have the above tips in place, it's time to start thinking about how you would gain consent from users that don’t have the latest browsers. Some cookies are exempt from these rules but these are only ones that directly impact the essential functions of that website i.e. shopping carts. The UK government is working in the background with browser providers to ensure the type of opt-in agreement required can be set on a browser level, rather than at every website visited. This should solve a lot of the problems facing website owners. Over the coming 12 months, more and more workable solutions will be discussed and created. The ICO will be expecting more businesses to have solutions in place given the publicity and advanced notice of this law change.