Your Blog and the EU e-Privacy Directive (cookie law)

>>  Friday, June 01, 2012

You might have not noticed a law slip into place on the 26th May.  It applies to website owners in the UK and the way they collect data.


It applies to you

If you have a blog you are a website owner, even if you use Blogger or Wordpress.  They are just hosting your website for you and offering you tools to make it easy. This doesn't just apply to self hosted blogs.

If you use something that collects stats for you like Google Analytics, Stat Counter and I'm also guessing (and I can't see why they wouldn't apply) Blogger stats then this law definitely applies to you.  If you allow a login for comments then it will apply, if you have 3rd party tools that allow tweets of your posts or Facebook likes then yes, it's going to apply.  If you have Adverts like adsense and other click through advertising.  Because all of these things use the type of cookies that would not be seen as 'strictly necessary' or 'essential'.

What is a cookie?

Cookies are small text files that are placed on your device/computer by a website or read from your device by a website. These files contain only text and are usually used to remember something to make a website visit more pleasant. An example would be your user ID so that you do not need to log into every single page visited. Cookies could also be used to remember preferences or settings. Cookies do not generally store personal information, they are often used in aggregate (summed up to give counts of things) and often contain randomly generated numbers. Cookies cannot carry virus's and cannot install anything harmful to your computer. They are just text files.  There are some privacy issues with cookies though.  In fact http://www.allaboutcookies.org/ is a great site with a lot of information about them if you want to read further.

Why, What, WTF.....

The Information Commissioners Office have issued  guidance on the rules on use of cookies and similar technologies.  It explains in an easy to understand way what this all means and is really worth a read.

It all sounds a bit scary but it's not too hard to show that you have made an effort and are working towards compliance.

What can I do about it?

Create a Privacy Policy:

First you need somewhere on your blog/site that tells people what cookies you collect and why, it also needs to written in a way that is easy for Joe Average to understand.  The guidance document I linked has a great example on page 17.  I think this is the hardest bit, because if you are only partly understanding yourself what is going on then it's very hard to pass that on.

I have created my 'starter for 10' policy as a stand alone page.    I expect I'll have to do a bit of work on the 'cookies I use' part and I see it as a work in progress.
If you want help on how to create a stand alone page in blogger, here is my old post using the old blogger interface. I will update this soon to the new interface and update the link here. But for now the principle is the same.

Decide how you are going to get consent:

Some people are working on a 'I have a policy that's enough' basis.  I think if you plan to go down that route then your policy must stick out bold and brass somewhere obvious and the cookies you are using should be absolutely minimal and probably the 'essential' variety.

I know the widgets I've wafted over my blog will be using the common garden non essential variety and I think an opt in method is probably more appropriate for me (for now, until I find a better way).

I found a site http://www.heartinternet.co.uk/eu-cookie-law.html with a java script that I am using for now.  It seems fairly unobtrusive but serves the purpose. Of the pop-ups that I have seen, this seems to be one of the least annoying.

It is a simple script that I have dropped in to a html/java script gadget and it's seems to be working fine on IE9,8, FireFox, Chrome, IOS5.  If you are seeing any issues with it let me know.

If you would like me to do a step by step post of how to put it into blogger I will, just ask.

I feel that this post is now long enough but I could carry on writing so much more.  On the whole as someone pointed out to me, I know my technical readers that mainly hover around KelloggsDBA won't really be worried about the cookies from a site like mine, will hit accept and roll along.  But for many it seems like a complicated and worrying thing.

I think I will do a couple of posts based on the new blogger interface on how to do this step by step and hopefully take a bit of the stress out of it for you.  Hopefully someone on Wordpress will do a similar post.

I would be really interested to receive your thoughts and comments on this, are you going to do anything about it?  Just roll along as you are for now?  Or maybe do something different?

Talk to me.....

***UPDATE*** September 2012

The way this law is panning out becomes more unclear, whilst the wording of it has not changed and it is clear that users of websites must be made clear what cookies will be created by a site (including 3rd party cookies), it seems more and more that implicit compliance might be appropriate in some cases.  By wording this should not include site with 3rd party tracking cookies but in reality a step towards compliance with clearly identified tracking policies and clear links to telling a user how to opt out of cookies and delete them if necessary is definitely a step in the right direction.  I have decided to sit in this camp for a while and see whether any prosecutions start for those sites currently publicly challenging the law.  I'll let you know if I change my mind again later.

Posted by AGuidingLife at 9:59 am
Labels:

0 comments :

Post a Comment

Subscribe to: Post Comments ( Atom )
Related Posts with Thumbnails

  © Blogger template Simple n' Sweet by Ourblogtemplates.com 2009

Back to TOP