Cookie law part 3 Next steps
Six things to do now
The legislation deadline for the new EU cookie law is looming mere months away. Here are six straightforward steps you should take now to ensure you're moving towards compliance by 26th May.This is the third part of our three blogs on the EU cookie law. Read parts one and two.
1. Run a cookie audit
Review all the cookies you currently use on your website. Which ones will be deemed essential and thus exempt from the cookie legislation? Are there any you don’t require any more? See this as an opportunity to clean up your cookies. Review what the non-essential cookies are doing for you and how you will explain this to your users.
2. Assess the intrusiveness of your cookies
Following on from the audit, assess whether any of your cookies could be deemed as intrusive, such as remarketing cookies or cookies that track your habits across the web. The guidelines around “intrusive” cookies are a bit vague as it’s such as subjective issue, but essentially the more intrusive it is the more carefully you should spell out its existence and the way it is used to your web users.
Of course, if these aren’t absolutely necessary to your website’s operation you may wish to remove these entirely.
4. Check contracts and define responsibilities with agencies/internal teams
5. Discuss the best options for informing users and gaining consent
What will work best for your website’s users to inform them of the upcoming changes and to request their consent – an overlay? Changing the website’s home page? Emailing all registered users? Writing a blog about it? All of the above? Talk to your agency to work out what options are best for you.
Remember, you’ll need to ask for explicit consent from users to store cookies on their machines, so you might want to look at ways you can encourage users to give consent, such as offering access to specific or exclusive content in return for opting in.
6. Create your cookie compliance plan
Once you’ve audited your cookies, defined responsibilities and worked out how you will ask for consent draw up a detailed plan, including a timeline of activity showing what you intend to complete and by when. Include any barriers to compliance, such as costs or technical issues.
That way, if the compliance police come a knocking, you can use the plan prove that you are working towards being on the right side of the cookie law.
Thanks to Andrew Tibber at Burges Salmon for his legal insight into this issue.