The EU Cookie Directive was introduced on 25 May:
The EU Cookie Directive is amended privacy legislation designed to increase consumer protection. The EU Cookie Directive requires websites to obtain informed consent from visitors before they store information on a computer or any web connected device. This storage is mostly done by cookies, which can then be used for tracking visitors to a site. ~ EU Cookie Directive
In response, the UK updated the Privacy and Electronic Communications Regulation to incorporate the EU Cookie Directive in its mandates, and UK businesses are expected to bring their websites into compliance. Here’s how we’ve sought to bring our own site into compliance; we hope our experience can serve as a useful guide to bringing your own business’s WordPress website into cookie compliance.

Types of EU Cookie Compliance
UK businesses should refer to the ICO (Information Commissioner’s Office) for full guidance on how to comply with the EU Cookie Directive. Essentially, visitors to your website must consent to your use of cookies. Consent can be implied or gathered explicitly, and the steps you should take to obtain consent will depend on the type of cookies your site uses. ‘Implied consent’ can be applied to:
- those cookies that form an integral part of a website’s functionality, such as a shopping basket or user preferences
- those cookies that are ‘strictly necessary’ for an operation requested by your user, such as moving from a product page to checkout
Businesses should pay special attention when cookies are used to collect sensitive personal information, such as data on users’ health, or when third-party cookies are used for tracking or integrating with third-party services. Common scenarios for third-party cookie use include:
- cookies for tracking user behaviour such as Google Analytics
- cookies for use with third-party social networks such as Facebook, Twitter, YouTube and so on
Getting Started: Make WordPress Comply with EU Cookie Directive
The ICO offers a useful PDF guide to cookie compliance. Businesses are free to implement their own strategies for compliance based on their particular use of cookies, and the guidance provides a variety of example implementations that businesses can work from. With reference to the ICO guidance, it took us 2 hours to bring our site into compliance, which we achieved by following these steps:
- cookie audit
- updated privacy policy and terms of use
- added a cookie compliance fader
WordPress Cookie Compliance: Undertaking a Cookie Audit
We investigated the range of cookies used by our site. These fall into two categories: those that require explicit consent and those that are covered by implied consent:
- WordPress’s non-tracking cookies which are fundamental to the operation of the website’s CMS software
- third-party cookies from Google Analytics and social networks
Once we had clarified our understanding of the cookies used on our site, we were able to determine the best measures for complying with the Directive’s stipulation that users give ‘informed consent’ to our use of cookies.
Helping Users Give ‘Informed Consent’ to Cookies
We took 3 measures to help users give informed consent to our use of cookies:
- updated links to privacy policy as ‘Privacy and Cookies’
- updated privacy policy and terms of use
- made our WordPress comply with the EU Cookie Directive with a cookie compliance fader
In this way we were able to:
- clearly link to our policy on cookies
- fully articulate for users what cookies we use
- make explicit that a user’s continued use of the site constitutes acceptance of our use of third-party cookies to enhance the site
While there are problematic and onerous aspects of the EU Cookie Directive, and some estimate that the UK Cookie Law could cost British businesses £10 billion, we hope that fellow SMEs using WordPress will find our steps to compliance a useful guide.