On May 26th 2011 a new EU cookie law came into effect. The new law states that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store most cookies on users’ computers.
The Information Commissioner’s office has given organisations and businesses up to 12 months to ‘get their house in order’ before enforcement of this law begins.
Cookies are little files that almost all websites use as a kind of memory. They are stored in your browser and enable a site to remember little bits of information between pages or visits. This is often used to store a user’s preferences.
The DCMS (Department for Culture, Media and Sport) are legislators they write and pass laws.
The ICO (Information Commissioner’s Office) are regulators they police and enforce the laws. ICO is obliged to investigate any complaints it gets about the use of non-compliant cookies.
According to the legislation the vast majority are - all cookies that are not "strictly necessary for a service requested by a user". The law allows an exception for "strictly necessary" cookies, such as those used to remember when something has been added to a shopping basket. These cookies would be expected by the user implicitly for the action they requested to be carried out. Another example would be login.
The ICO has issued some guidance on how to comply (http://www.ico.gov.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf). This can be summed up as:
The ICO have implemented a bar at the top of their website (http://www.ico.gov.uk) which allows people to consent to cookie use.
However when ICO changed their website in order for it to conform to the requirements it resulted in a 90% drop in analytic data gathered!
Google have only made one comment so far on their Web Analytics tv http://www.youtube.com/watch?v=4sa7eWQy5r4&feature=player_embedded
Basically they said they are working with European governments to come up with a solution.
Until May 2012 ICO will be satisfied if your business is preparing for a change in the law on website cookie usage. In order to comply you would need to:
After May 2012 ICO will start enforcing the law. Nobody really knows what this means yet.
Essentially the next step is to wait until there is a further announcement by the UK government. It will worth keeping an eye on government website such as www.direct.gov.uk or organisations such as the www.bbc.co.uk to see how they react.
"Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals."
More information is available here http://www.theregister.co.uk/2012/04/05/eprivacy_directive_web_analytics/
So it looks like there is a repreive for google analytics!