In response to the global health pandemic COVID-19, the ICO has suggested a degree of flexibility will be given to organisations around compliance of the cookie rules. They have acknowledged the current health situation with a pragmatic and empathetic response. You can read that response from the ICO here.
This will come as good news for charities and not-for-profit organisations in the short-term. Now that you can relax a little, we’ll explain why the rules are important, how cookies impact your website and users, and what you need to do.
What are cookies?
Cookies are small files that might be downloaded to your computer when you visit a website. They help to remember bits of information that the website can use to identify your preferences.
The first type of cookies is ‘necessary cookies’. These are required by the website to remember data about you and ensure the website works as intended. Examples of these might be remembering log-in details or what you’ve put in your shopping basket. You can’t turn these cookies off, as the website may stop working.
Next are the analytics cookies, which collect and report on how you use a website, such as recording the number of people visiting, how long they browse and which pages they visit. This data is anonymised – you can’t be personally identified by the information gathered. Websites collect this data to see how people use their site, which allows them to make improvements with the aim of helping you use the site more effectively.
The final type is marketing cookies. These allow companies to track the websites and content you visit across the internet, sharing the data for advertising purposes. These cookies are used to build up a profile about you and your interests that can be used by any affiliated site to suggest content or products that you may be interested in. The combination of data collected may be able to personally identify you.
Who is the ICO and what are their rules on cookies?
The new guidance makes an important distinction between types of cookies and how they should be handled.
Essential and non-essential cookies
Cookies are considered essential if they are ‘strictly necessary’ for the website to function. For example, cookies that load pages correctly or that protect customers’ online bank details.
Non-essential cookies include analytics and marketing cookies. These can help you collect useful data on your website users, but this information isn’t essential for the website to function.
What do the rules say?
If a cookie isn’t essential – users must consent to its use before it can run on the website. This has several consequences:
- When users first access a website, ‘non-essential’ cookies must be turned off. The user has to opt-in to their usage.
- When users are asked to accept or reject ‘non-essential’ cookies, neither option can be privileged over the other.
- If users don’t opt-in to ‘non-essential’ cookies, they must still be given access to the website.
What this means for your website
This approach is not permitted under the new rules so many cookie policies need updating. The ICO has made it clear that ‘cookie compliance will be an increasing regulatory priority’ – this includes enforcement and potential fines for breaching the rules.
These new rules have potentially far-reaching implications. If you’re unsure how they might affect your website, we can guide you through any changes that need to be made for your website.
Fat Beehive can’t offer legal advice, but if you’d like to discuss your options and our approach, feel free to contact them on [email protected] and they’d be happy to chat!