By the 26th May 2012, UK web sites must ask for consent from visitors to use most cookies. This "Cookie Law"Ã‚Â started as an EU Directive in 2011 and became part of UK law when it was adopted into the Privacy and Electronic Communications Regulations.
There is still plenty of confusion from web professionals regarding the Cookie Law, ranging from burying their heads in the sand to hysteria and panic.
It’s hardly surprising though when the UK Government’s sites seem unwilling to adopt the letter of the law themselves. I almost feel sorry for the Information Commissioner’s Office (ICO), who is responsible for enforcing the legislation. A recent interview with the ICO’s Group Manager for Business and Industry did little to resolve any confusion, although I do feel his answers were meant as realistic, level headed responses.
There are plenty of resources on the web that provide information about what steps you should take and a number of code solutions you can incorporate into your site to ensure compliance. I quite like the look of these two jQuery plugins but what I wanted to research was what steps other web sites and businesses had taken to ensure compliance.
It is interesting to see there is no industry standard yet. I suspect this will change in the next few months once the deadline has passed. As it becomes more common to adopt an opt-in policy and users become more familiar with the solutions, businesses will not want to be seen to disregard consumer’s privacy rights if their competitors are compliant.
An example of full compliance
The Information Commissioner’s Office
Unsurprisingly the ICO’s web site has adopted a fully compliant solution. Visitors are greeted with a rather uninspired box at the top of the page that requests they accept cookies from this site.
As a result 90% of visitors declined to accept cookies, which meant the ICO was unable to track the vast majority of their users with Google Analytics.
Clearly, this would be unacceptable to most web site owners.
Compliant – but too clever for their own good?
BT’s solution is an elegant slider that users can drag to indicate the level of privacy/functionality they wish to accept.
Despite its sophistication, I feel this asks a bit too much of visitors. Checking one box to allow all cookies is a lot simpler than being presented with three options and having to work out which one is right for you.
Graceful and compliant
This Somerset web design company has achieved compliance with an unobtrusive opt-in prompt at the top of the page. In fact, I didn’t notice it at first because the colour scheme of the opt-in prompt was similar to the rest of the site.
This is good from a visitor’s perspective because it doesn’t detract from the user experience. But it might mean that so few visitors accept cookies that it isn’t worth the site using them at all.
No more pop ups!
What is interesting about this site is that it used to have an opt-in mechanism (according to this article) but I guess it was dropped because of the effect it had on visitors!
More updated privacy policies
It will be interesting to see if they adopt one before the Olympics when they will expect a big surge in traffic.
The Department for Culture, Media and Sport wrote the UK version of the Cookie Law. They’ve decided that a link in header is sufficient…
The UK’s biggest companies
And what are the UK’s biggest companies doing? A few random selections from Wikipedia’s FTSE100 list shows not much!
What about this site?