Cookie law part 3 Next steps

Six things to do now

The deadline for complying with the new EU cookie law is looming, mere months away. Here are six straightforward steps you should take now to ensure you're moving towards compliance by 26th May.

This is the third part of our three blogs on the EU cookie law. Read parts one and two.

1. Run a cookie audit
Review all the cookies you currently use on your website. Which ones will be deemed essential and thus exempt from the cookie legislation? Are there any you don’t require any more? See this as an opportunity to clean up your cookies. Review what the non-essential cookies are doing for you and how you will explain this to your users.

2. Assess the intrusiveness of your cookies
Following on from the audit, assess whether any of your cookies could be deemed intrusive, such as remarketing cookies or cookies that track your habits across the web. The guidelines around “intrusive” cookies are a bit vague as it’s such a subjective issue, but essentially the more intrusive a cookie is, the more carefully you should spell out its existence and the way it is used to your web users.

Of course, if these aren’t absolutely necessary to your website’s operation you may wish to remove these entirely. 

3. Check your privacy policy
Does your website’s current privacy policy outline how you use cookies and for what purpose? Revise it to outline this clearly so that users can make informed decisions on whether to opt in to use cookies, or consider creating a separate cookie policy if you’d prefer.

4. Check contracts and define responsibilities with agencies/internal teams
Who will be responsible for implementing any changes to your cookie usage, your privacy policy and your request for user consent? Define roles and responsibilities with your internal team and/or agency. Whether you are client-side or agency-side, consider including these definitions in your contracts for clarity. 

5. Discuss the best options for informing users and gaining consent 
What will work best for your website’s users to inform them of the upcoming changes and to request their consent – an overlay? Changing the website’s home page? Emailing all registered users? Writing a blog about it? All of the above? Talk to your agency to work out what options are best for you.

Remember, you’ll need to ask for explicit consent from users to store cookies on their machines, so you might want to look at ways you can encourage users to give consent, such as offering access to specific or exclusive content in return for opting in.

6. Create your cookie compliance plan
Once you’ve audited your cookies, defined responsibilities and worked out how you will ask for consent, draw up a detailed plan, including a timeline of activity showing what you intend to complete and by when. Include any barriers to compliance, such as costs or technical issues.

That way, if the compliance police come a-knocking, you can use the plan to prove that you are working towards being on the right side of the cookie law.

Thanks to Andrew Tibber at Burges Salmon for his legal insight into this issue.

Post by Lisa Ballam