What is the law?
From May 2011 a new privacy law came into effect across the EU. The law requires that websites ask visitors for consent to use most web cookies.
The vast majority of small websites don’t do this of course, but they do track visitors to their website, e.g. via a tool like Google Analytics, and they use social media plugins like Facebook Like buttons. As we will see, this law appears to outlaw all of this entirely.
What does this mean for websites?
Most EU websites will need to change, or break the law.
To ask for permission, a website must interrupt their visitors – say, with a popup like this:
No one wants to add this to their website, and most visitors are unlikely to be happy about it either.
Does this only affect websites hosted in the EU?
The location of your hosting is irrelevant, but the location of your organisation is not. Your organisation must fall within the legal jurisdiction of the EU. Each member state has their own laws, which are based on the same EU directive, but may differ slightly.
For most small/medium organisations, being located in the EU will mean you must comply.
Are all cookies affected?
The vast majority are – all cookies that are not “strictly necessary for a service requested by a user”.
The law allows an exception for “strictly necessary” cookies, such as those used to remember when something has been added to a shopping basket. These cookies would be expected by the user implicitly for the action they requested to be carried out. Another example would be login.
Where can I get more information?
We’ve written a free eBook explaining all about this cookie law, what you need to do, and what it means to your website. Download the eBook.