Despite my love for all things EU, they’ve really dropped the ball with the Cookie Directive.
I must start with this: I like the EU. I think it’s beneficial to trade, I think CAP is actually a good thing (although poorly executed) and I’m all for straighter cucumbers!
You can see the full text of this document here.
What it boils down to is that any cookie your website uses that is non-essential now needs explicit permission to be installed from the end user. Things that are excluded are session cookies that only exist whilst the user is on the website, so things like remembering the products in their basket etc.
Tracking cookies and advertising cookies are non-essential cookies and you need permission from the browser of the website to use them. This means you will need to ask users when they visit your site whether they wish for cookies to be installed on their machine, and if youre serious about it youll need to ask them for every non-essential cookie you will install.
The simplest solution to this seems to be pop-ups asking for permission. To get an idea of what life on European websites after the 26th of May will be like view David Naylors article on the topic here (prepare to click a lot!).
Fun isnt it? How much is that going to cost your business when your staff are investigating potential clients or partners? Its also a difficult nut to crack if a user says no to one cookie but yes to another. Would you have to install a cookie to save their preference? Well youll need permission for that too! So if pop-ups arent the solution what is?
There was talk of a browser-based solution. This is a mythical solution floating in the ether, and nobody seems to know anything about it. It will happen eventually, but when is the big question. So unfortunately thats ruled out for now. Also, how will you account for those users who dont upgrade to the latest version?
The only legitimate solution is to avoid non-essential cookies, so turn off your google analytics, get rid of your adverts and ditch your user preferences. This isn’t an option if you make your money through online advertising and generally will halt improvement on your website as you’ll loose a large chunk of your analytics data too. It’s simply not feasible.
So what is the solution? Well there isn’t one that is going to work, yet. The simplest thing to do is assess what cookies your site is using, remove any that are archaic remnants of previous gestations of your site and make sure that the cookies you are using are needed.
Whilst this isn’t going to protect you from the directive, it does show willing and awareness of the change. The Information Commissioners Office has acknowledged that a phased approach to implementation is really the only way UK businesses can survive this change so whilst they will investigate any complaints they are unlikely to punish anyone that can show a clear way forward in gaining consent from their users.