Done anything about the EU Privacy Law yet?

It’s less than a fortnight until the implementation of the EU Privacy Law concerning “cookies” and other technology used to store data, and from what I see, very few companies have done anything about it. Clearly most businesses are hiding behind the “safety in numbers” approach and hoping that if overzealous civil servants start prosecuting, theirs won’t be one of the ones chosen. It’s probably a fair gamble. However, I do think that everyone ought to at least be clear on what’s happening. I’d recommend, therefore, the following:

1. Make sure you understand exactly what a “cookie” is;
2. Find out what cookies are delivered by your website by running a cookie audit;
3. Understand what’s going on: this video (which has a full transcript on the page) is a good place to start;
4. Try to at least acknowledge in your site’s privacy policy that you know what’s going on, and consider implementing some way of obtaining a user’s consent for the use of cookies on their computer; we’re using Cookie Control on our site.

At least this way, you’ll be able to respond from a position of informed strength, if the subject is raised in a couple of weeks’ time.

Discussion

  1. Laurence

    Hi. Will this kill Google Analytics? And I believe Cookie Control requires JavaScript enabled, so without JS I believe it does not work, hence sites would not conform. Also, does it stop PHP cookies? Thanks

  2. Mark Steven

    Hi Laurence, most non-essential cookies are dropped by JavaScript. Hence, no JavaScript, no offending cookies.

    You can adapt your PHP code to check for consent (indicated via a Cookie Control cookie).

    It’s neither desirable nor easily achievable to block all PHP cookies: for the most part they’ll be exempt (e.g. used for logins etc).

    But you’re right: if you want to go for strict compliance, then you’d need consent before running Google Analytics, which of course completely stuffs it up. Many folk are opting for a “soft” compliance approach: this is more opt out than opt in. Not strictly compliant, but a pragmatic step forward.

    We’ve started hosting Piwik for folk as well. Nice solution that just requires hosting.

  3. Steve Jones

    Hello Chris and thanks for the prompt.

    As a novice WordPress user I have added the Cookie Control with no problem. However, immediately anyone visits the site and regardless of the Cookie Control, the PHP session cookie is installed – I’ll check out the point from Mark – but so too are the Google Analytics cookies (_utma, _utmb etc).

    My question is where on WordPress you can add the Google code so it is only applied after the visitor has consented?

  4. Chris Rand Post author

    Hi Steve – as Mark says, Cookie Control is “more of a soft compliance approach: this is more opt out than opt in. Not strictly compliant, but a pragmatic step forward”. If you want to do things by the book, you’d need a different approach. Any suggestions are welcome.
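The opt-in approach raised in the discussion above (load the analytics code only once a consent cookie is present) can be sketched as follows. This is an added example, not code from the post, its commenters or Cookie Control; the consent cookie name, its "yes" value and the script URL are placeholders chosen for illustration.

```javascript
// Added example. CONSENT_COOKIE, its "yes" value and ANALYTICS_SRC are
// placeholders, not the names Cookie Control or Google Analytics use.
const CONSENT_COOKIE = 'cookie_consent';
const ANALYTICS_SRC = 'https://analytics.example/tracker.js';

// Parse a document.cookie-style string into a name -> value map.
function parseCookies(header) {
  const jar = Object.create(null); // no prototype, so odd names are safe
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue; // skip fragments without a value
    const name = part.slice(0, eq).trim();
    if (!name || name in jar) continue; // first occurrence wins
    let value = part.slice(eq + 1).trim();
    try {
      value = decodeURIComponent(value);
    } catch (e) {
      // malformed percent-encoding: keep the raw value
    }
    jar[name] = value;
  }
  return jar;
}

// Strict opt-in: only an explicit "yes" counts. A missing, empty or
// unrecognised value means no consent.
function hasConsent(header) {
  return parseCookies(header)[CONSENT_COOKIE] === 'yes';
}

// Inject the analytics script only after consent; returns whether it did.
// Until this runs, no analytics code executes, so it sets no cookies.
function loadAnalyticsIfConsented(doc) {
  if (!hasConsent(doc.cookie)) return false;
  const script = doc.createElement('script');
  script.async = true;
  script.src = ANALYTICS_SRC;
  doc.head.appendChild(script);
  return true;
}

// In a browser, run this on page load in place of the inline tracking snippet.
if (typeof document !== 'undefined') {
  loadAnalyticsIfConsented(document);
}
```

The exact-name match matters: a substring test on `document.cookie` would treat a cookie such as `xcookie_consent=yes` as consent.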
