Online privacy is a global hot-button with lawmakers pressuring organizations to more tightly regulate the information they gather from visitors. The legislation dubbed the "cookie directive", enacted by the European Union, has organizations scrambling to make their websites compliant. Organizations in the US might not realize that they need to comply with these rules if they intend to operate a website in the EU. For those of you who don't run multiple sites, these simple tips may give you a head start preparing for future US legislation.
There has been some debate and confusion about how to comply with the cookie directive. One purpose of the rules is to increase self-regulation in this area, which means that it is up to each website to form their own solution ensuring compliance.
What should I do?
There are 4 main points that you should be aware of in terms of complying with the regulations:
- Information must be easily accessible and clear, using language that the end user will understand so that every user will be adequately informed.
- The user should be informed about the purpose of the website's cookies and who stores their data.
- Lastly, it is also the website owner's responsibility to obtain consent from the user. This aspect is crucial when wanting to comply with the regulation.
You should be aware that the consent of the user must be obtained before any cookies are set. You must therefore ensure that no cookies are set at the moment when a user enters your website, but only after the user has accepted cookies. You should be able to control when cookies are set, however this might seem incomprehensible to many. The reason many people might find it difficult to meet this demand, is that they do not know exactly which cookies are set by their website. Perhaps this is the time to make that website audit?
Why should I do it?
The quick answer is; 'because the regulation says so,' but let's have a look at the purpose of the rules: Those visiting your website are informed about what happens. Additionally, visitors must have the option to opt out. When you put it this way, it's probably only a few who will oppose to the idea, because who doesn't support having the freedom to choose? However, there are still some who may ignore the rule, because they fear that many will opt out, which will make their web analytics less exact. They believe that many will opt out "because they do not know what it is." Paradoxically, this answer brings us back to a part of the background for the rules, namely that information about cookies is needed. This will also help to demystify what cookies are not. If the website owner has a legal and beneficial purpose with cookies, namely to make the user experience better, it's a good idea to share that message!
How can I use the cookie directive?
Since the rules came into effect, they have been met with some dissatisfaction. Many believe that it is a measure potentially impairing their web analytics. This is one way of looking at things, but looking at it from a different point of view one might realize the possibilities. Since a large part of using cookies is to gather knowledge, which ultimately makes the website a better place for the user, there appears to be no reason not to tell the user about it.