Web Site Cookies: Advice On Their Use

The UK has recently adopted a law in line with European legislation covering the use of web site cookies. Anyone involved in the production of web sites that may use cookies should be familiar with the law and any appropriate advice. Given the likelihood of cookie warning fatigue – particularly given how intrusive some of these warnings are – it is worth remembering to avoid obtrusive warnings where the use of cookies is not an invasion of privacy.

The University statement on the use of cookies on the main University website can be found here. You may wish to include your own warning about privacy (including cookies) on your own website(s), or link to the University one.

The following originates as an advice note regarding the use of cookies and expands on the information above:

Introduction

In line with recent changes in European legislation, UK law now requires website operators to ask for a website user’s permission when placing certain kinds of cookie on their devices. Where consent is required, the law states that it should be “informed consent”. This increases the duty on website owners to ensure that visitors understand what cookies are and why the website operators want to use them.

The International Chamber of Commerce (UK) has outlined four categories of cookie (these are not definitive). Where a cookie does not fit into an appropriate category, website operators will have to devise their own descriptive wording and consent approach. Whatever mechanism is used, the user should be given a clear, informed choice.

The Categories

Category 1: Strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for, like shopping baskets or e-billing, cannot be provided.

Examples include:

  • Remembering previous actions when navigating back to a page in the same session.
  • Managing and passing security tokens to different services within a website to identify the visitor’s status (e.g. logged in or not).
  • To maintain tokens for the implementation of secure areas of the website.
  • To route customers to specific versions/applications of a service, such as might be used during a technical migration.

These cookies must not be used:

  • To gather information that could be used for marketing to the user.
  • To remember customer preferences or user IDs outside a single session (unless the user has requested this function).

For those types of cookies that are strictly necessary, no consent is required.

Category 2: Performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. Web analytics that use cookies to gather data to enhance the performance of a website fall into this category. For example, they may be used for testing designs and ensuring a consistent look and feel is maintained for the user. They may also be used to track the effectiveness of ‘pay-per-click’ and affiliate advertising.

Examples include:

  • Web analytics — where the data collected is limited to the website operator’s use only, for managing the performance and design of the site.
  • Ad response rates — where the data is used exclusively for calculating response rates (click-through rates) to improve the effectiveness of advertising purchased on a site external to the destination website.
  • Affiliate tracking — where the cookie is used to let affiliates know that a visitor to a site visited a partner site some time later and if that visit resulted in the use or purchase of a product or service, including details of the product and service purchased.
  • Error management — typically this will be to support service improvement or complaint management and will generally be closely linked with web analytics.
  • Testing designs — Testing variations of design, typically using A/B or multivariate testing, to ensure a consistent look and feel is maintained for the user of the site in the current and subsequent sessions.

Consent wording:

By using our [website][online service], you agree that we can place performance cookies on your device. These cookies don’t collect information that identifies a visitor. All information collected by these cookies is anonymous.

Category 3: Functionality cookies

These cookies are used to remember customer selections that change the way the site behaves or looks. It might also include cookies that are used to deliver a specific function. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Examples include:

  • Remembering settings a user has applied to a website such as layout, font size, colours etc.
  • Remembering a choice such as not to be asked again to fill in a questionnaire.
  • Detecting if a service has already been offered, e.g. a tutorial on future visits to the website.
  • Providing information to allow an optional service to function e.g. a live chat session.
  • Fulfilling a request by the user such as submitting a comment.

Consent wording:

By using our [website][online service], you agree that we can place functionality (persistent/session) cookies on your device. These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features.

Category 4: Targeting cookies (aka advertising cookies)

These cookies are used to deliver adverts more relevant to you and your interests. They are usually placed by 3rd party advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers.

Examples include:

  • Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to the user.
  • Cookies placed by advertising networks in conjunction with a service implemented by the website to increase functionality, such as commenting on a blog, adding a site to the user’s social network, providing maps or counters of visitors to a site.

Consent wording:

By using our [website][online service], you agree that we can place advertising (persistent/session) cookies on your device. These cookies are used to deliver adverts more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign.
