In May 2011, the Information Commissioner’s Office first announced that websites have to explicitly seek consent for cookies (cookies are text files that record your activity online). Later known as the EU cookie law, it took effect in May 2012 with a grace period of a year.
What’s the cookie law all about?
The cookie law is a piece of privacy legislation that requires websites to obtain consent from visitors to store or retrieve any information from a computer or any other web-connected device, like a smartphone or tablet.
It has been designed to protect online privacy, by making consumers aware of how information about them is collected by websites, and enable them to choose whether or not they want to allow it to take place.
If you are based in the EU and own a website, you are now expected to comply with the law.
How to comply to the EU cookie law?
The easiest way to comply with the cookie law is to follow the accepted standard: implied consent.
These actions may be moving from one page to another, clicking on particular buttons on the website or choosing to continue to use the website.
What are the penalties if you do not comply?
The maximum penalty is £500,000. Whilst this is the ‘maximum’, its worth pointing out that this would be a rather extreme case of failure to comply. A formal warning and enforcement notice are far more likely, but should be avoided nonetheless.
How we did it?
Since we deploy a lot of web applications and websites for our clients and ourselves, we wanted to develop a standard system for resolving this issue.
As we work primarily with Ruby on Rails, we created the cookies_eu gem to make any web application simple to comply by just adding the gem to the Gemfile. It’s open source, and you’re welcome to use it for your own Ruby on Rails applications.
If you don’t use Ruby on Rails, you can probably roll your own solution quickly in the technology you favor. We’ve provided a sample of a cookie privacy page that needs to be located somewhere on your webpage, which you can see here.