The EU e-Privacy Directive Compliance
Named the ‘EU e-Privacy Directive Compliance’ (it doesn’t solely apply to cookies); the law actually came into play last May, but the Information Commissioner’s Office has given web masters 12 months to prepare for the enforcement of the law this year.
The law states that cookies or similar devices must not be used unless the user of the technology is provided with “clear and comprehensive information about the purpose of storage”.
To summarise, websites must get permission from a user on their site before using any local storage or device (primarily cookies) to track and identify the user.
Putting into consideration that Google Analytics – which is used by the majority of websites – uses first-party cookies to gain measurement and analysis; this is a huge deal for the SEO industry, as they’ll have to find new methods of gauging the success of a website.
“Websites must get permission from a user on their site before using any local storage or device (primarily cookies) to track and identify the user”
If we were all to follow the law for complete compliance, this would mean websites would have to ask every person to opt in; and with Econsultancy’s findings that only 23% of web users would agree to cookies; Google Analytics data would be rendered inaccurate and unusable.
There are a few exceptions to the law, for example, a cookie which is used to remember the products a user wants to buy when they proceed to the checkout is acceptable However, the ICO’s guidance on the directive states that “Cookies used for analytical purposes to count the number of unique visits to a website” will be unlikely to fall within the exception of the law.
Up until recently, many companies and agencies have been unsure about what to advise and what steps to take to ensure their clients’ sites are complying with the law. In the last few weeks, Econsultancy and a few other industry news sites have begun to outline their plans to comply.
There are still a few unknowns about the law and what the risks entail, and it seems it will remain this way until after the 26th May when it will become clear which websites incur fines and which don’t, only then will we know how strict the ICO’s guidelines are.
For this reason, we’re not in a place to instruct recommendation just yet, but there are a few things we’d suggest doing in the next month to prepare for the law implementation, and ensure you’re not abusing your users’ privacy.
- Understand it: Review the law documentation and make sure you fully understand what’s required of your website. Take a look at the advice given and make every effort to comply.
- Audit it: Conduct a cookie and privacy audit of every single page of your website. You should then remove any scripts or tracking which you don’t really need or use. Don’t just specify this audit for cookies, cover email tracking and social buttons too.
As mentioned above, there are still some areas of the law which are a little cloudy even to us, so we wouldn’t want to make any further recommendations. But by taking the three steps above, you can ensure you’re heading in the right direction and preparing yourself for the enforcement, as well as making your intentions a little clearer for your users.
Please get in touch if you want to talk about this further with our SEO or Digital teams, and let us know what steps you’ll be taking to prepare for the 26th.
Latest from B3Labs
- Another milestone reached for Branded3 as it’s acquired by the
St Ives Group
- The latest media consumer findings & what they mean for digital marketers
- Talk to Branded3 at @BuyYorkshire in Leeds next week!
Latest from Blogstorm
- Watch @Tim_Grice talk all things Penguin 2.0 in June’s #B3Brunch
- Content can kill your site: How to fix it
- Search expert @Tim_Grice talks Penguin 2.0 in a G+ Hangout this Thursday