What are Cookies?
So in the realm of the Internet, what are cookies exactly? Cookies are small files that are downloaded onto a visitor’s browsing device when visiting a website. When a visitor returns to this website, the cookie is read again by the site and generally, the information that it contains is used to help personalise website visits, make them more convenient for visitors or for analytics purposes. For example, they can be used to remember language preferences, to keep users logged-in, to show a custom homepage based on browsing behaviour during previous visits and to create analytics reports regarding user behaviour.
How to Adhere to the EU Cookie Directive
Since the introduction of the directive, many websites have started displaying a banner containing cookie information on the top or bottom of their website that is shown the first time someone visits the site. These banners can take up a significant part of the screen however, especially on mobile devices, which makes for a poor user experience.
Therefore, website owners have started looking for alternate ways of adhering to the EU cookie law.
Whether these types of solutions truly adhere to the directive is a bit of a grey zone, but according to official comments from the Information Commissioner’s Office it seems that when using cookies only for analytics, making cookie information available in such a non-obtrusive manner is fine.
Who Needs to Adhere to the Cookie Law?
Basically any website that is based in one of the EU member states, as well as websites outside of the EU that target EU people must adhere to the directive. This means that a US company that is also selling in the EU needs to comply.
If your website has advertising or uses analytics tools, then more than likely it is using cookies. You can use a cookie audit tool to find out exactly what cookies your site is serving to visitors. For Chrome you can use the Attacat extension and for Firefox the View Cookies extension.
What if I Don’t Comply with the Directive?
The maximum penalty that the directive stipulates is £500,000 in case there is an intentional breach of the law that leads to significant distress. Smaller penalties just involve receiving and information or enforcement notice. In practice it will be very difficult to actually enforce this law and up until now only a few letters have been sent to very popular websites that weren’t complying. No monetary fines have actually been given up until now.