The new cookie rule for websites

SJK

Addicted to pilates geek
#1
I've had an email from 123reg to tell me about the new cookie rule for websites. As I understand it, you have to get permission from users before your website stores cookies on their computer. If you don't, you face a fine. I'm panicking, and so my questions are:

How do I find out if what cookies I have on my website? I run a very simple website using Weebly, with the domain name bought from 123reg.

How on earth do I put up an opt-in as 123reg suggest, so that people can choose to accept my cookies or not?

Is this the end of do-it-yourself websites for business as we know it?
 

SJK

Addicted to pilates geek
#2
Bumping.
 
#3
I havent heard anything about it. Can you copy and paste the email? It doesn't sound very likely.....no one has ever succesfully 'policed' the internet.
 

happyfeet

Well-Known Member
#4
Hi hun

This is probably a question for weebly who host your website.

Love n hugs x x x
 

#5
Basically, websites store cookies so that someone returning to your site has their preferences set up and waiting for them.

I'm fairly sure that weebly sites don't use them for visitors - only for people building sites where you need to log in.

Couple of questions that might help - does any of your visitors log in to your site? Can they choose how the site looks? Does it have any "active" content that changes from visitor to visitor?

If not and it's a flat site, then you're fine. If you're really worried about it, link to your site here (or send me a PM if you'd rather) and I'll have a quick look today and let you know. Relax though - it'll be fine, the legislation's not designed to trip honest business owners up, it's more to stop information harvesting.
 

SJK

Addicted to pilates geek
#6
Hi Furious, and thanks for your help.

No, visitors don't log in, they can't customise the site, and the site doesn't remember them. It's just a standard little site, similar to that of most techs. Really basic, the best I could do myself. All that said, I'm assuming I'll be fine, thank you so much for your help.
 

Ruth Mills

Well-Known Member
#7
I'm using this little jQuery plugin myself - CookieCuttr - A tailorable jQuery plugin to deal with the EU Cookie Law (which I've just been testing this evening - talk about leaving things until the last minute lol).

This will initially pop up a message at the top of a website the first time someone visits the site, where you can choose to either accept or decline cookies. You're allowed to keep using "essential" cookies on your website - ones which your website would not work properly without - such as the "session ID" cookie that would be needed for a shopping cart website - but must give people the option not to have non-essential cookies (such as Google Analytics, or any cookies used by the Wibiya Toolbar, which can be used to link Facebook and Twitter to your website).

If you're not using Google Analytics, or any similar form of web analytics, aren't running banner adverts on your site such as Google AdSense or Google DoubleClick for Publishers, and don't have the Wibiya Toolbar or any Facebook "Like" buttons or anything like that, then you're probably safe; you can check what cookies (if any) your website is setting by using the "Developer Tools" option in Google Chrome anyway.

To put your mind at rest, the chances of you being landed with a £500,000 fine if your website isn't complying should be pretty remote too; initially the Information Commissioner's Office will probably be going after the "big guys" who aren't complying with the cookie regulations - like big e-commerce sites and whatnot - and even then, they'll likely be giving them the opportunity to comply with the regulations rather than fining them straight away anyway. So I wouldn't get too paranoid about the whole cookie thing at this stage, to be honest.
 

Verve Designs

TAFNO Extensionize
#8
BBC News - Cookie law set to come into force

It is happening- and most, if not all, websites use cookies.

The good news is that you have a year to do something about it, and that "doing something about it" will probably be done by the people hosting your site in many (though not all) cases.
 

Ruth Mills

Well-Known Member
#9
BBC News - Cookie law set to come into force

It is happening- and most, if not all, websites use cookies.

The good news is that you have a year to do something about it, and that "doing something about it" will probably be done by the people hosting your site in many (though not all) cases.
Alas not; the year's grace ends today. But I still can't imagine the Information Commissioner's Office taking a particularly hard line against a small salon website that just runs Google Analytics.
 

Verve Designs

TAFNO Extensionize
#10
Alas not; the year's grace ends today. But I still can't imagine the Information Commissioner's Office taking a particularly hard line against a small salon website that just runs Google Analytics.

Ooer! You're right! I mis-read it!

What are your plans for the sites you do Ruth?
 

Ruth Mills

Well-Known Member
#11
Ooer! You're right! I mis-read it!

What are your plans for the sites you do Ruth?
I'm using the CookieCuttr jQuery plugin - CookieCuttr - A tailorable jQuery plugin to deal with the EU Cookie Law - I've got it to just add a little box saying "Cookies?" in the top-right hand corner of the website... when you click on the link, that then takes you to a "Cookie Policy" page, which has a couple of buttons at the top of it - one to hide the message and the other to decline cookies.

I've taken the same approach as the BBC website and the BT website, which is to enable cookies by default (as lots of my clients love their Google Analytics and Wibiya toolbars - which both set cookies) - and then to warn people that if they decline cookies, then some features on the website may stop working.

I then list which are the "essential" cookies (in my case, ROUTEID, which the Apache web server uses for load balancing, JSESSIONID, which the Java web application sets, for session tracking - things like shopping carts won't work without these two cookies being set - and - ironically - the cookie which the jQuery plugin sets to say whether you have accepted or declined cookies - which sounds quite illogical - setting a cookie to say you don't want cookies). These "essential" cookies won't be disabled by clicking the "Decline Cookies" button - as the website won't work properly without them (and so you are allowed to keep setting them as per the EU regulations).

I then list which parts of the website set "non-essential" cookies - which are usually just Google Analytics and/or the Wibiya toobar - these *will* be disabled if someone declines cookies.

But having a small "Cookies?" box in the right hand corner of the browser is a lot less intrusive than what I initially tried last night (which was to display a much larger message on every page with the accept/decline buttons); I had one client email to say that they *hated* the bigger message that I had at the top of the page initially - and we can't have clients being peed off on account of silly EU regulations (as I personally think that all this cookie business *is* rather silly - but - at the same time - it makes sense to comply - in the least intrusive way possible - just to cover myself and my clients so that neither I or they get hassled by the Information Commissioner's Office - as we've actually taken steps to comply with the law - whereas countless other people probably won't have done)...
 
#12
They've actually updated the guidelines at the last minute, and now they're saying:

Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies

Taken from Cookies Regulations and the New EU Cookie Law - ICO

As far as I understand it (and in all honesty, the guidance is pretty hazy), so long as people understand that there's cookies in use, then there's no need for implicit consent like having to click a confirm button.

It's a little ridiculous anyway. I'd say most web users have no idea what cookies are or what they're used for, and giving options without information is generally meaningless. As an example, a quick look at this site shows me that they're using cookies for:

- DoubleClick
- Google AdWords
- Google Analytics

Now, I know what those are, and I know they're harmless, but if I didn't know what DoubleClick was, how do I know if I should accept it or not?

It'll be interesting to see how (and if) sites alert their users.
 

#13
#14

Ruth Mills

Well-Known Member
#15
You appear to be right - I'm quite surprised that you don't even seem to have any analytics or anything. How do you know people are actually going to your website?
Yep - I can't see any cookies on Developer Tools on Google for that website.

However, cookies aren't the only way of estimating how many people are visiting a website; there are other tools that work by analysing web server log files - such as Webalizer, AWStats, etc... although the stats they generate aren't as comprehensive as Google Analytics.
 

#16
You appear to be right - I'm quite surprised that you don't even seem to have any analytics or anything. How do you know people are actually going to your website?
Errrrm! I kinda overlooked that! I'm a very novice builder.

Ruth, I'll look into some of those, Thanks!
 

Ruth Mills

Well-Known Member
#17
Ruth, I'll look into some of those, Thanks!
Cool, it would depend on who hosts your website and if they are happy to install the relevant software on their server (they may provide it already).

I used to run Webalizer myself, but found that there were performance issues with having separate Apache log files for each website (it was eating file descriptors for breakfast on the Linux box) - so ended up having to re-configure my Apache to use a single log file, which meant that I could no longer run Webalizer - so recommended that people switch to Google Analytics instead (which is loads better - but does use cookies).
 
#18
Does anyone know if a vista print website does this? Or doesn't and I need to?


I'm soooo confused lol
 

Ruth Mills

Well-Known Member
#19
Does anyone know if a vista print website does this? Or doesn't and I need to?


I'm soooo confused lol
Having just had a look at a VistaPrint site, I've noticed just one cookie, called "sesn", which is a "session" cookie that will be deleted when the web browser is closed. I would personally class that as being "essential/strictly necessary" for the operation of the website, as it's probably required for the content management system that VistaPrint use to work properly. I'd actually be inclined to ask VistaPrint if they think you need to do anything to comply with the EU Cookie Law as far as that is concerned, given that you're paying them for your website...
 
#20
Brilliant, I will do that. Thank you for the help :) xx
 
Top