Cookie Law

[old-school]

I'm designing a web shop that uses php and session variables and I've noticed a huge number of banners appearing on websites to adhere to the EU e-privacy directive with cookies.

I assume that some of the big sites (e.g. Apple, Amazon, Dell) are using session variables and cookies on their e-buying sites too but are just ignoring the directive? Do they put it in their terms and conditions or something? I'd rather like to adopt the same stance and avoid annoying my users with a dropdown banner if I can (no matter how nicely I animate and style it!)

 

[swordio777]

You didn't ask a specific question here so not sure whether you're looking for advice on this stance? I'll give you my thoughts anyway and you can take or leave it as you see fit

Sites like Amazon are not ignoring the directive because session cookies which are necessary for e-commerce sites to run are exempt (ie - a commerce site without session cookies would mean your shopping basket emptied itself every time you navigate to a new page). If the only cookies you are concerned about are session cookies for a shopping basket then you have nothing to worry about.

The Information Commissioners Office (who enforce the cookie directive in the UK) have also publicly said that they are not particularly concerned about analytics cookies - so if you're worried about using Google Analytics without having the drop-down banner then don't panic - the ICO will most likely turn a blind eye to that as well. In each of these cases, I would still make reference to all cookies used in your site's terms and conditions.

If you plan to use any cookies at all other than session cookies for e-commerce or analytics cookies then I think your best bet is to follow the directive. Having said that, you can probably get away with bending the rules to an extent. For example, the directive says that cookies must be "opt-in", however the ICO themselves have made their own cookies opt-out! (Bear in mind that the ICO have no control over the directive, they only enforce it in the UK).

If you visit http://www.ico.org.uk/Global/cookies you will see that the ICO have a pop-up banner at the bottom of their page which states: "We have placed cookies on your computer to help make this website better. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue." If you feel like you must use a banner but are concerned about it being intrusive, you may want to consider a similar approach. Something at the foot of the page is likely to disturb a visitor far less than something at the very top.

Hope that helps.

 

[old-school]

Thanks Swordio, that's exactly the sort of comprehensive response I was hoping for. Cookies on the site will be exclusively for e-commerce and maybe a bit of analytics so that's good news!

I was surprised at how many sites I've visited recently have put banners on, but your post has answered all my questions, so thanks.

 

[swordio777]

Thanks Swordio, that's exactly the sort of comprehensive response I was hoping for. Cookies on the site will be exclusively for e-commerce and maybe a bit of analytics so that's good news!

I was surprised at how many sites I've visited recently have put banners on, but your post has answered all my questions, so thanks.

No problem at all - glad you found it useful. It's a bit of a murky area, I suspect a lot of people are simply employing a "better safe than sorry" approach with banners. Also, the larger the organisation, the more important I think it is to err on the side of caution (the ICO are perhaps more likely to make an example of a large brand that's blatantly taking advantage / ignoring the directive).