What the new ICO Cookie Guidance means for your UK website

mark | News, Web Design

What has changed?

As a business owner or manager, unless you’ve been living under a rock for the last couple of years, I am sure you know all about (or at least have heard of) ‘GDPR’. This is a European law that requires consent to be given for things like emails and online advertising: basically, any time a person shares their personal data online, they must give consent for that to happen.

Lots of websites obtain personal data through their core software (especially WordPress), security software and things like Google Analytics, using a bit of technology called ‘Cookies’. It would be extremely rare to find a modern website not using Cookies in some form or another. Previously the UK’s Information Commissioner’s Office (the ‘ICO’), which provides advice on privacy laws to businesses, had interpreted the law to say that all websites really needed to do was make people aware of these Cookies and tell website users that if they used the website, they would be subject to the use of Cookies, with some information or a link within the Cookie policy that told people how to control them (usually via browser settings).

However, as of July 2019, the ICO has changed its guidance to say that this is no longer enough and that website users must explicitly consent to the use of Cookies for anything that is not ‘essential’, before they start using the functions of a website. ‘Essential’ means Cookies that you need to use to make the website work (such as keeping track of a cart in an Ecommerce setup or using security software to protect the website). Anything outside of these essentials must now be turned off until the website users allow them to be used.

Don’t be alarmed! It’s worth pointing out at this point that the likelihood of the ICO prosecuting a small business is incredibly low and they usually allow leeway for a business that can show it is planning to make the changes necessary in the near future. But, if you are a business owner, you are legally responsible for the personal data collection of your website and could therefore be hit with a hefty fine should the ICO look to investigate your site.

So what needs to be done?

If your website does not allow users to control their Cookies from the moment they hit your site, or your website automatically installs the Cookies at the moment of entry to the site, technically you’re breaking privacy laws. What you need to do is install a system that sets only essential Cookies on the first hit and then asks users to allow your non-essential Cookies (and lets them reject them easily).

If you would like to speak to a professional about your website and check to see whether your setup meets the new guidance, just contact me today and I would be happy to check for you for free.