Hello and welcome to part 2 on Cathy Cook's blog series on complying with the cookie regime. Click here to find out more about Cathy and read the first part of her blog series.
First ascertain what cookies you are using:
Identify which cookies you are using on your website. This should include not only cookies used by you but those used by third parties who you have authorised to use your site. If as part of this audit identify old cookies and remove them immediately
Confirm the purpose of each cookie. Is the cookie necessary to perform an essential function of the website or to fulfil part of the service requested by the website user? Customer recognition, customer tracking and profiling are considered to be non essential use. Regulation 6(4) of the Revised Regulations provides that essential cookies do not require a user’s consent.
Identify what data each cookie holds and confirm whether the cookie is linked to other data the provider holds about a user. If information collected by a cookie relates to a living identifiable individual then any processing of that data must comply with the Data Protection Act 1998
Confirm the type of cookie. Is the cookie persistent or session? Persistent cookies are more likely to be privacy intrusive.
Confirm the lifespan of each persistent cookie. Is the lifespan appropriate or should it be shortened.
With third party cookies the website operator needs to liaise with the third parties to ensure that their use of cookies is also compliant.
Often information on cookie use provided to users is too detailed and technical. The ICO suggests that information could be displayed:
As a table of cookies used with a description of the way each one is used; or
By using a broader explanation. The International Chamber of Commerce published guidance on the use of cookies which includes a useful, possibly more user friendly description of cookie categories.
The latest guidance on this from the ICO includes:
Putting the information on a separate page on the website and providing a prominent link to that page from every page of the website. The link needs to make it clear that it is to information about cookies and privacy.
Use an icon although a standard cookie icon is yet to be developed so it might be difficult to ensure that users know what the link represents without additional explanation.
In the short term it might be useful to include a blog post or news item on the home page explaining the policy on cookies and including a link to the cookie information page.
In the final blog on cookies, Cathy will advise on practical steps towards obtaining consent.
View all of Cathy's blogs and more using the link below
You can follow Jordans Commercial on Twitter using the link below
If you wish to speak to Cathy about any of the issues in this blog then please ring the following number:
01924 387110