Many small businesses are unaware that new privacy
legislation from the European Union is about to come into force.
But Mike Kneller, solutions director of bss digital, explains here
that the new rules will affect all businesses, regardless of
size. Anyone found in breach could face heavy
fines.
The European legislation on web privacy, which comes into force
today, will impact all British businesses with websites. The
"cookie law", or the Directive on Privacy and Electronic
Communications, will require all websites that use cookies to seek
consent from visitors to the site.
Cookies are small files commonly used by websites and online
applications to identify visitors. These can contain personal
information and reveal data on the sites someone has visited.
Say you browse the internet looking at new TVs and then later
log into Hotmail or Yahoo to check your email and discover that
banner adverts display a range of televisions - very similar to
what you were looking for. That's no coincidence, but it was caused
by cookies tracking your web behaviour.
The Information Commissioner's Office (ICO) has been given
powers to fine website owners up to £500,000 for serious
breaches in the law and they could approach any business running a
website and ask them to demonstrate how they comply. Needless to
say, the stakes are high.
The only cookies that are exempt are those "strictly necessary
for a service", so that could be those used to remember what goods
in an online shopping basket need to be paid for and those used for
online payments. The contentious cookies are those that are used to
study the customer's profile and behaviour, applied to personalise
a website or serve relevant third party adverts - as in the example
of the televisions.
It's important to bear in mind that it is not the intent of the
legislation to prevent the use of cookies for these purposes. It is
designed to ensure that all visitors to a website are fully
informed as to the use and purpose of this type of technology.
A number of businesses are either unaware of this directive or
are taking a 'wait and see' approach, hoping that the odds of being
prosecuted first are slim. But, the fact is, even if your site uses
Google Analytics to track visitors, then you are in breach of this
law.
What steps can small businesses take? First, read the guidelines from the ICO. As a website owner,
you should consult with your web developer or the provider of the
website to determine what cookies are used and what solution they
recommend to obtain consent from visitors.
Rather than taking a 'DIY approach' to finding out about the
cookies on your website, speak to an expert to make sure your
organisation's website complies with this legislation.
Pop-ups, splash pages and asking users to accept new terms and
conditions are just some of the ways website owners can seek
consent.
There is bound to be a conflict between the desire to collect as
much information as possible about a visitor and not deterring
people away from your site. However, in the spirit of transparency,
I believe that all publicly available systems should be designed
with the user's privacy at their heart. No one wants to be held as
a test case, so it's vital that businesses take action.
To download a copy of the free Cookie Law whitepaper by Mike
Kneller, click here.
Mike Kneller has worked for over 20 years in technology and
specialises in software, networking and internet related
technologies.
For more information about bss digital click here, www.bssdigital.org.