New cookies data law kicks in

From yesterday UK websites must obtain “informed consent” from visitors before saving a cookie file on a visitor’s machine.Cookies are small text files that allow a website to recognise and track users.

The Information Commissioners Office (ICO) is to launch a tool for the public to report non compliant sites and they threaten a £500,000 fine for offenders.

Last week the government admitted that most of its sites would not comply with the new rules in time. It said it was “working to achieve compliance at the earliest possible date”.

The rules are designed to tackle privacy issues resulting from the growing use of cookies which track users’ browsing habits.

The guidelines- which originated from Brussels eurocrats, mean visitors must be told what cookies are being placed on their machine.

Typically, this will mean a pop up window seeking consent.

For example the Financial Times’s website says:

FT Cookie Policy
We have published a new cookie policy. It explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our cookie policy.
If you’d like to disable cookies on this device, please view our information pages on ‘How to manage cookies’. Please be aware that parts of the site will not function correctly if you disable cookies.
By closing this message, you consent to our use of cookies on this device in accordance with our cookie policy unless you have disabled them.

The ICO groups cookies into three groups:

Session cookies
Files that allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long term and are considered “less privacy intrusive” than persistent cookies.

Persistent cookies
These remain on the user’s device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password each visit.

First and third party cookies
A cookie is classed as being first party if it is set by the site being visited. It might be used to study how people navigate a site. It is classed as third party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor’s viewing habits.

It is these third party cookies that the eurocrats are particularly annoyed with.

It is good practice to regularly clean cookies out of your browsers. If you use Firefox browser- Tools, Clear Recent History and check the Cookies box. If you use an Internet Explorer browser click the Tools cogs icon, Internet Options, General tab, Browsing History Delete button and check the Cookies box.