In line with recent changes in European legislation, UK law now requires website operators to ask for a website user’s permission when placing certain kinds of cookie on their devices. Where consent is required, the law states that it should be “informed consent”. This increases the duty on website owners to ensure that visitors understand what cookies are and why the website operators want to use them.
The International Chamber of Commerce (UK) has outlined four categories of cookie (these are not definitive). Where a cookie does not fit into an appropriate category, website operators will have to devise their own descriptive wording and consent approach. Whatever mechanism is used, the user should be given a clear, informed choice.
Category 1: Strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.
- Remembering previous actions when navigating back to a page in the same session.
- Managing and passing security tokens to different services within a website to identify the visitor’s status (e.g. logged in or not)
- To maintain tokens for the implementation of secure areas of the website
- To route customers to specific versions/applications of a service, such as might be used during a technical migration
These cookies must not be used
- To gather information that could be used for marketing to the user.
- To remember customer preferences or user ID’s outside a single session (unless the user has requested this function).
|For those types of cookies that are strictly necessary, no consent is required.|
Category 2: Performance cookies
- Web analytics — where the data collected is limited to the website operator’s use only, for managing the performance and design of the site.
- Ad response rates — where the data is used exclusively for calculating response rates (click-through rates) to improve the effectiveness of advertising purchased on a site external to the destination website.
- Affiliate tracking — where the cookie is used to let affiliates know that a visitor to a site visited a partner site some time later and if that visit resulted in the use or purchase of a product or service, including details of the product and service purchased.
- Error management — typically this will be to support service improvement or complaint management and will generally be closely linked with web analytics.
- Testing designs — Testing variations of design, typically using A/B or multivariate testing, to ensure a consistent look and feel is maintained for the user of the site in the current and subsequent sessions.
“By using our [website][online service], you agree that we can place performance cookies on your device These cookies don’t collect information that identifies a visitor. All information collected by these cookies is anonymous.”
Category 3: Functionality cookies
These cookies are used to remember customer selections that change the way the site behaves or looks. It might also include cookies that are used to deliver a specific function. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
- Remembering settings a user has applied to a website such as layout, font size, colours etc.
- Remembering a choice such as not to be asked again to fill in a questionnaire.
- Detecting if a service has already been offered, e.g. a tutorial on future visits to the website.
- Providing information to allow an optional service to function e.g. a live chat session.
- Fulfilling a request by the user such as submitting a comment.
“By using our [website][online service], you agree that we can place functionality (persistent/session) cookies on your device. These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features.”
Category 4: Targeting cookies (aka advertising cookies)
These cookies are used to deliver adverts more relevant to you and your interests. They are usually placed by 3rd party advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers.
- Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to the user.
- Cookies placed by advertising networks in conjunction with a service implemented by the website to increase functionality, such as commenting on a blog, adding a site to the user’s social network, providing maps or counters of visitors to a site.
“By using our [website][online service], you agree that we can place advertising (persistent/session) cookies on your device. These cookies are used to deliver adverts more relevant to you and your interests They may also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign.”