Google Analytics and the Cookie Directive: Compliance for WordPress & Thesis

by helen on May 21, 2012

On the 26th May 2012 all UK business websites should be compliant with the EU Cookie Directive or they may face a fine. If you aren’t compliant yet – don’t worry! It’s not difficult or expensive. You can get it sorted on WordPress in a few minutes with a free plugin that’s easy to install.  

The information below tells you all about cookies, the Cookie Directive and how you can make sure you are compliant. If you know the basics just skip down to the juicy implementation stuff!

What is a Cookie?

A cookie is data stored by a website in a browser, which is sent back to the website by the browser. They are a way for websites to remember things and are used for both functional reasons and tracking reasons.

What are functional reasons for using a Cookie?

Some websites need to use cookies so they work. An essential functional (or strictly necessary) cookie enables you to navigate a website and use its features. Without these cookies, functions like logging into your account, creating a shopping basket and search facilities wouldn’t work.

What are the tracking reasons for using a Cookie?

Some companies use tracking or performance cookies to find out how people are using their website. The most common cookies used for this purpose are Google Analytics cookies. This information can be used for a variety of reasons, including:

  • Finding out how many people visit a site to make sure the bandwidth you have can cope with the number of visitors you expect to get.
  • Finding out which web browsers and devices people are using to make sure their website is suitable for a majority of users.
  • Understanding how people use the website to make improvements for website users and resolve any problems quickly.
  • Some companies use this information for marketing and revenue purposes e.g. telling potential advertisers how many people visit their website or using it to develop their own advertising and marketing campaigns.

Every business website in the EU should already have a Privacy Policy telling visitors how the information collected by tracking cookies is used. This new Directive means that you also have to ask permission before you place the cookie in their browser.

Are cookies dangerous?

No. Cookies can’t be used to spread computer viruses or malware. The concerns about cookies are to do with privacy.

What is the Cookie Directive? 

The Cookie Directive is a law that requires all business websites to disclose which cookies they use, and explicitly gain permission to use them from your website visitors. In May 2011 the Cookie Directive became law and applies to all European countries including the UK. UK business websites must be compliant by 26th May 2012 (that’s this Saturday) or you might face a fine.

How do I know if I need an opt-in for cookies on my site?

To find out if you need an opt-in for cookies you need to answer two questions:

1. Is it a business site or a personal site? Only business sites need cookie opt-ins.

2. What do the cookies on your site do? If you only have functional cookies that are essential for users to be able to use your site you don’t need an opt-in form. If you have tracking cookies you must have an opt-in form.

How do I know which cookies I have on my site?

You can find out which cookies are running on your site using the Firefox browser. Open a tab with your website on it and in the browser menu bar go to Tools > Page Info. Click on Security and then the View Cookies button.

What should the opt-in message include?

The opt-in message should tell people briefly that you store cookies, why and which cookies you use. You should then link to your Privacy Policy page for more information.

If possible include a Yes/No button so it’s quick and easy for people to opt-in or opt-out.

This is the text on the Mariposa website:

“This site uses cookies to store information about how you use the website, so we can improve the site and provide you with the best experience when you visit. We use Google Analytics to do this. To find out more please read our privacy policy.”

You can see three different examples of wording at ICO, BT and Durham County Council.

How do I make sure my WordPress website or blog is compliant?

If you are using WordPress there are plugins that can do most of the work for you. I’ve tried the three most popular and Cookillian seems to be the best choice because you have more control over what the plugin does and I’m confident that I am compliant. Most importantly it doesn’t place any cookies in the browser until a user opts in or opts out, which ensures no data is collected without consent. Alternative plugins are CookieCert and EU Cookie Directive.

Cookillian is a free plugin, but you can donate to the creator via the Cookillian WordPress Plugin page.

(Note: You need PHP 5.3.0 for Cookillian to work. If you get an error, get in touch with your hosting provider and ask them to upgrade your account to PHP 5.3.0 or higher. The hosting provider for Bright by Design did it within 2 hours of my request.)

Installing Cookillian

1. Go to Plugins  > Add New and search for ‘Cookillian’ and then Install Now and Activate Plugin (alternatively download and upload manually)

2. Go to Settings > Cookies

3. Adjust the Cookillian settings as follows:

Auto-add cookies – Keep this checked.

GeoLocation Service – If you get high volumes of traffic from Europe take a look at the CloudFlare option, otherwise keep it as geoPlugin.

Countries – You need to check boxes against all EU Member Countries. There’s a full list of EU Member countries on the europa.eu website.

Show Alert – Set to automatic.

Alert Content – Default uses the text in the Alert Heading and Alert Text boxes. Custom allows you to create your own content in HTML. If you’re not sure use Default.

Content – Edit the content to say what you want it to and make sure it links to your privacy policy, using HTML e.g. <a href="privacy policy link URL goes here">Privacy Policy</a>

Javascript – Put your Google Analytics tracking cookie JavaScript in the Header and/or Footer boxes.

Advanced Options – Check the box next to Root Cookies. If the code you’ve put into the Header and/or Footer boxes has <script> at the beginning and </script> at the end, make sure you uncheck the Javascript Tags option. Leave the other two boxes unchecked, unless you use cookie-based PHP sessions, in which case make sure PHP Sessions is checked.

4. Delete the Google Analytics code from where it was previously stored in your website. This might be in header.php (Appearance > Editor) or if you’re using the Thesis theme it should be in Thesis > Site Options under Stat & Tracking Scripts.

If you’re not sure which code to delete ask someone who’s familiar with WordPress and Google Analytics to do it for you.

5. To test that Cookillian is working correctly visit your website in the Firefox browser.

Check Opt-Out: Select your NO option. View cookies for the page (Tools > Page Info > Security > View Cookies) and the only cookie should be cookillian_opt_out (unless you have functional cookies running).

In View Cookies clear all your cookies and revisit the page.

Check Opt-In: This time select your YES option. View cookies for the page again and this time you should see cookillian_opt_in and your tracking cookies, e.g. for Google Analytics this is __utma, __utmb, __utmc and __utmz.
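The opt-out and opt-in checks in step 5 can also be expressed as a small script. This is an added example, not part of the original post or of Cookillian: it takes a cookie string such as `document.cookie` and reports whether any Google Analytics cookie is present without an opt-in. It assumes the consent cookie names given above and matches the Analytics cookies by their `__utm` prefix; the sample cookie values are constructed.

```javascript
// Cookie names as given in the post; GA_PREFIX covers __utma, __utmb, __utmc, __utmz.
const OPT_IN = "cookillian_opt_in";
const OPT_OUT = "cookillian_opt_out";
const GA_PREFIX = "__utm";

// Split a "name=value; name2=value2" cookie string into a list of cookie names.
function cookieNames(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => {
      const eq = pair.indexOf("=");
      return eq === -1 ? pair : pair.slice(0, eq);
    });
}

// Work out the consent state and list tracking cookies set without consent.
function auditConsent(cookieString) {
  const names = cookieNames(cookieString);
  const optedIn = names.includes(OPT_IN);
  const optedOut = names.includes(OPT_OUT);
  const tracking = names.filter((n) => n.startsWith(GA_PREFIX));

  let state = "undecided";
  if (optedIn && optedOut) state = "conflict";
  else if (optedIn) state = "opt-in";
  else if (optedOut) state = "opt-out";

  // Tracking cookies are acceptable only after an unambiguous opt-in.
  const violations = state === "opt-in" ? [] : tracking;
  return { state, tracking, violations, ok: violations.length === 0 };
}

// Constructed sample cookie strings (all values are made up).
const samples = {
  firstVisit: "",
  afterNo: "cookillian_opt_out=1",
  afterYes: "cookillian_opt_in=1; __utma=1.2.3; __utmb=1.1; __utmc=1; __utmz=1.x",
  broken: "cookillian_opt_out=1; __utma=1.2.3",
};

for (const [label, cookies] of Object.entries(samples)) {
  const r = auditConsent(cookies);
  console.log(label, r.state, r.ok ? "OK" : "VIOLATION: " + r.violations.join(", "));
}
```

In the browser console, call `auditConsent(document.cookie)` on your own site. Cookies marked HttpOnly do not appear in `document.cookie`, so the Firefox cookie viewer remains the complete view.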

And you’re done!!! With all this talk of cookies I think it’s time for a well deserved cuppa and a biscuit!

Further details about the Cookies Directive can be found at the ICO website or in this ICO document (pdf).

If you have any other questions leave them in the comments below or email me helen@mariposadevelopment.com and I’ll do my very best to answer them.

If your website needs redesigning or updating get in touch with Helen to arrange a FREE no obligation discussion about how you can improve your website.
