In December 2009 the European Union passed an e-Privacy Directive, which the UK implemented through its Privacy and Electronic Communications (EC Directive) Amendment Regulations in 2011 (the ‘PECAR’).
You can read more about the legislation here.
Under the legislation, visitors to websites must be told that cookies are present and what the cookies will do. Consent must also be obtained to store a cookie on the website viewer's device, preferably before the cookie is set.
This has led to several high-profile sites, such as BT's, using a pop-up to warn viewers about cookies and ask them if they wish to accept them.
Until the situation pans out, we think that's overkill. We think that by listing cookies that a site sets in the site's Terms & Conditions and stipulating that use of the site constitutes acceptance of these cookies, the requirements of the legislation are satisfied.
This, after all, is what the Number 10 site does - and if it's good enough for the Government itself, it's probably good enough for us.
Of all the websites we have written for ourselves and others, we've never implemented any kind of link between a cookie and any identifying information. This is the area of biggest concern for many users.
The CMS system we use, CMS Made Simple, sets only cookies that are essential to the underlying function of the site, and these are session-based; that is, they're removed when the user closes their browser.
The sites we build only actually serve cookies in a couple of other instances:
- to manage log-in to specific user areas. Without these session-based cookies being set, users wouldn't be able to gain access to password-restricted areas of websites.
- in order for us to provide our site owners with web stats, Google Analytics sets persistent cookies.
- functional cookies are sometimes used to record site preferences such as font size choices, or the desired number of search results to display.
If you need further information or clarification, we'd be delighted to help.