New Law Governing the Use of Cookies

An update for Yell customers*

What is the new law and how it impacts website owners?

In 2009 the European Commission made changes to the E-Privacy Directive. The consequence of this is that website owners are now required to get consent for cookies (see “What are Cookies” section below for more details) and similar technologies going onto PCs, tablets and mobiles. These changes were designed to protect the privacy of internet users, in particular, activities like tracking online browsing behaviour. The UK implemented this change on 25 May 2011 with the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 which amended the existing law on direct electronic marketing.

This new UK law requires website owners to ensure that users visiting their website:

  • are given clear and comprehensive information about the use and purpose of cookies and any similar technology going onto their computer/tablet/mobile; and
  • give their consent to this happening.

The Information Commissioner’s Office (the regulatory body charged with enforcing this new UK law, the “ICO”) recognised that website owners would not be able to amend their practices overnight and so have given a grace period of 12 months (until 25th May 2012) for website owners to comply. This means, assuming companies are actively working toward compliance, they will not be penalised before this date.

What are Cookies?

Cookies are a small piece of code that is dropped in your browser, for example Internet Explorer, when you visit a website or whilst navigating through a website. It serves a number of purposes which could include one or all of the following:

  • Help website owners analyse how you and others interact with the website (known as ‘analytics’)
  • Help website owners personalise pages and remember visitor preferences.
  • Help website owners manage your selected products in case of shopping websites
  • Help online advertising companies deliver targeted advertising

What do I need to do now?

The ICO has issued guidance on what you need to do which in summary recommends you take the following steps:

1.            Investigate:

What cookies and similar technologies are operating on or through your website?

In relation to each of these, consider:

  • Does the cookie only remain on a users hard-drive while the user is using your website (a “session cookie”) or does it remain for a certain time period after a user has navigated away from your website (a “persistent cookie”)? If it is a persistent cookie when does it expire?
  • What is its purpose? Analytics? Advertising?
  • What information does it store or link to (like a user name)?
  • Do you drop it on users’ machines or does a third party do this (such as an analytics or advertising network provider).
  • How intrusive is it to a user’s privacy? The more intrusive, the more priority will be needed to getting meaningful consent.

2.            Clean Up:

If any cookies identified by your investigations are obsolete and no longer needed, delete them.

3.            Inform:

Take the information you have discovered and give a broad explanation to users about what categories of cookies your website uses and some information about what their purpose is. This can be done in a new cookie policy or in a cookie section of your existing privacy policy. It is important to make this information prominent on your website.

If third parties drop cookies on users who visit your website, then the ICO still believes you should be doing everything you can to get the right information to users and ensure the third parties  are allowing users to make informed choices about what is stored on their machines.

4.            Obtain Consent:

Once you have given users the information about what cookies you use on your website ask for their consent to store them on their computer/tablet/mobile.

The ICO suggests a number of ways to gain consent, such as pop ups, splash pages, message/header bars or getting a user to accept the use of cookies when they register. You could also use settings or feature led consent. This link to the ICO’s website showcases their approach in getting user consent for their own website – https://ico.org.uk/

If you want to know more about cookies please view http://www.allaboutcookies.org/  or the World Wide Web Consortium’s website.

If you want to know more about what changes Yell are going to make in relation to the use of cookies within relevant Yell products and services provided to you (like your Yell Site) please contact Customer Services on 0800 555444.

*Please note that this information is given for general knowledge purposes only. This information should not be considered a substitute for professional advice. Absent fraud, Yell disclaims all liability for any reliance you choose to place on any of the information provided here.