How the new EU cookie law affects law firms
Most websites nowadays use ‘cookies’ (as I will explain) and the European Union has passed a law which means we all have to take action. Your clients need to take action, but so do you, as your firm has a website too.
What are cookies? They are tiny files that websites place on visitors’ computers. Cookies are helpful and provide many benefits. For example, they can automatically log a user in next time they visit a website - imagine having to type in your password every time otherwise.
So what do you need to do?
The EU’s Privacy and Communication Directive came into force on 26 May 2011 and will supposedly be enforced from 26 May 2012 onwards. Sounds a bit vague? You get the picture. Put simply, the law says that before putting a cookie on anyone’s computer, that user must opt in on an informed basis.
Millions of websites suddenly switching to an opt-in approach? All with pop-ups to explain which cookies are used and why? It sounds like a pretty irritating interruption that will put a lot of people off visiting a lot of completely harmless websites, doesn’t it?
This technology site is an example of what to expect, although you’ll notice that it is opt out and not opt in.
As a publisher of websites covering law, marketing and IT among other things, we went straight to Dave Chaffey, the UK internet marketing guru who writes and lectures on matters such as cookies. Chaffey explained that the regulator, the Information Commissioner's Office in this case, is not expecting instant compliance even after 26 May 2012. Although not strictly legal, you are unlikely to be prosecuted provided that you are 'moving towards compliance'. Plus, there are exceptions (‘strictly necessary’ cookies... which even the ICO itself has).
Phew. That sounds a bit more realistic for the real world (outside Brussels) that most of us inhabit.
Although some law firms may choose to be fully compliant on day one, I expect that most of them will take a wait-and-see attitude. After all, this new EU law is not about law firm websites; it is about intrusive advertising and passing on personal data.
And what will law firms advise their clients? To spend precious time and money becoming compliant to the letter of the law? Or will they offer more ‘commercial’ advice, suggesting that clients save their money but stay out of trouble by simply moving towards compliance, at least until one sees how things turn out in the next few months?
No need to ask what all the website developers will recommend. The ICO’s stipulated website adjustments seem like a bit of a windfall for them.
You can find a list of cookie audit software in the guide Coping with the EU cookie laws.
And finally, as this is a blog after all, here’s my chance to predict the future. The law will work to the extent that more websites will now reveal what cookies they are using, which is a good thing.
The law will gradually make the more reputable commercial websites move to an opt-in approach, after a messy initial period when users will be confused and put off. The law will also waste lots of taxpayers’ money as thousands of public sector websites - which were never a problem in the first place - dutifully comply.
But most websites are pretty harmless in terms of cookies/privacy and will simply continue as before (perhaps with some standard cookie wording added to their privacy statement).
Which brings us to the $64m question: enforcement. I imagine that the ICO will be completely toothless when it comes to enforcing the cookie law, just as it has been 100% ineffective in enforcing the EU’s anti-spamming laws. What about all the offshore websites that sell to EU citizens, for a start?
The ICO site is compliant (see top) and is rumoured to have instantly lost tracking of over 90% of its users. Tracking is the ‘eyes and ears’ of any website and in this respect compliance comes with a pretty severe price tag for what it achieves in return.
It’s now 10 May and we’ve less than three weeks to go. I know of many websites that will switch over to a compliant version a week before 26 May. But has anyone seen examples of full compliance already being put into practice on a commercial website? I would be interested to know.
Rory MccGwire is chief executive of BHP Information Solutions