Skip to Content

The author

Epiphany Search

This week marks a sizeable change in privacy laws in the UK. As of 26 May, website users will have more control over the data a website gathers about them. The current law states that users must be able to opt-out of cookies being set on their devices. This is due to completely reverse as the new law states that cookies can only be set on a user's device once they have given their consent. The Information Commissioner's Office (the body charged with regulating this new law) only recently issued its guidance on the situation.

The ICO said they are not expecting every UK website to be 100% compliant from day one, and realise it will take a long time before businesses are able to implement changes to their website. We have yet to see a workable solution that doesn’t damage a user’s experience or completely kill any web reporting tools. So, although this law comes into effect this Thursday, it’s certainly not a case of all hands to the pump. Doing nothing is not an option but there is no need to panic. Here are our tips to moving toward compliance with the law. These are recommended as an interim until workable online solutions are developed:

Tip #1: Update Your Privacy Policy

  • What types of cookies are being set
  • How they are used
  • Who they are shared with
  • How a consumer should manage them

Tip #2: Audit All Cookies & Tracking

Ensure you have a document available which lists:

  • Each of the cookies set on your website
  • What the purpose of that cookie is,
  • What information it records,
  • What other parties access it (if any)
  • How that information is used.

The talk in the analytics industry is that the ICO is not coming down hard and fast enough on companies. The independent authority has suggested popups, notice through privacy policy, additional information in footer/headers, and opt-in consent where feasible. The majority of these are not a viable solution without damaging a user's experience both directly and indirectly. The UK government is working in the background with browser providers to ensure this type of opt-in agreement can be set on a browser level, rather than at every website visited. This should solve a lot of the problems currently facing website owners. Once you have the above tips in place it's time to start thinking about how you would gain consent from users to set cookies on their machine. Some cookies are exempt from these rules but these are only ones that directly impact the essential functions of that website i.e. shopping carts. The ICO is looking to publish some real world examples of how consent is being gained, while the industry should educate customers and allow them to make their own choice.