New Privacy & Electronic Comms Regulations

We have been getting a lot of questions about the new privacy and electronic communications regulations that come into force from the 26th May 2012.
THIS WILL AFFECT ALL WEBSITES AND FAILURE TO TAKE ACTION WILL MEAN YOUR WEBSITE IS ILLEGABLE (probably!).

The Information Commissioner’s Office (ICO) has already given us web people a year’s grace so now we have to do something about it. Please note the information below does not constitute legal advice. We recommend that businesses take their own legal advice for their own circumstances.

The new law is concerned with the use of cookies; there use on websites and the users consent to those cookies. It appears that the ICO is concerned with different levels of cookie use on websites and some need a stronger kind of user opt in than others. The IAB report on the matter seems to suggest that if your cookies do not track any personally identifiable information then all you need to do is beef up your ‘cookie use’ information and make links to those documents more visible on the website. I.e. move the privacy and cookie information links above the fold. (You can view the full IAB document here)

However before you can decide what to do you need to do a ‘cookie audit’ to understand what cookies your website uses and what information those cookies store. You can then find out if you have just anonymous data or personal data stored. I am going to copy and paste in the three steps recommended by the Internet Advertising Bureau (IAB) as it’s well written :

1. Audit first – To achieve transparency publishers need an understanding of both their use of first party and third party cookies that operate as part and parcel of their other activities especially around affiliate advertising and marketing. This requires an audit and how this is carried out will vary from organisation to organisation. The aim is to establish a clear assessment of where you may have issues to address.

2. Document your activities – Ensure you have effective documentation and organisation in place to be confident that your efforts to offer transparency are reliable and accurate. Every organisation will take a different approach depending on the size and complexity of the business. You will certainly need to document your audits and resulting actions. You might need to go further to include any associated business policies, processes and who is responsible for compliance in your business.

3. Identify prominent customer/user touch points – One of the key measures of transparency will be how accessible the information is. While a pop-up culture is not intended the ICO has provided guidance regarding where information might be placed
Please note that this does not just relate to cookies that your own website code uses but also any third party cookies that are used on your website. Third party cookies could come from services you use such as Google Analytics, Microsoft, Affiliate Window and other tracking and affiliate programs you may have running.
Once you have a cookie audit done, either by ourselves or a third party. You will be in a position to understand what changes to your website need to happen in order to comply.