The EU cookie law (e-Privacy Directive)
The ePrivacy legislation has been in place since 2009. It is a set of rules that has come to be known as the "cookie law". The cookie provision resulted in an overload of consent requests for internet users and thus has been streamlined. This includes clarifiying that no consent is needed for non-privacy intrusive cookies.
Below is some reference information on cookies and the categories they fall into.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie.
Cookies are useful because they allow a website to recognise a user's device. You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu for a video about cookies visit www.google.co.uk/goodtoknow/data-on-the-web/cookies
Persistent cookies - these cookies remain on a user's device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies - these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
Category 1: strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.
These cookies enable services you have specifically asked for. No consent is required.
- Remembering previous actions (e.g. entered text) when navigating back to a page in the same session.
- Managing and passing security tokens to different services within a website to identify the visitor's status (e.g. logged in or not)
- To maintain tokens for the implementation of secure areas of the website
- To route customers to specific versions/applications of a service, such as might be used during a technical migration
Category 2: performance cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
These cookies collect anonymous information on the pages visited.
- Web analytics - where the data collected is limited to the website operator's use only, for managing the performance and design of the site. These cookies can be third-party cookies but the information must be for the exclusive use of the publisher of the website visited.
- Ad response rates - where the data is used exclusively for calculating response rates (click-through rates) to improve the effectiveness of advertising purchased on a site external to the destination website. If the same cookie is used to retarget adverts on a third-party site this would fall outside the performance category (see Category 4)
- Affiliate tracking - where the cookie is used to let affiliates know that a visitor to a site visited a partner site some time later and if that visit resulted in the use or purchase of a product or service, including details of the product and service purchased. Affiliate tracking cookies allow the affiliate to improve the effectiveness of their site. If the same cookie is used to retarget adverts this would fall outside the performance category (see Category 4)
- Error management - Measuring errors presented on a website, typically this will be to support service improvement or complaint management and will generally be closely linked with web analytics.
- Testing designs - Testing variations of design, typically using A/B or multivariate testing, to ensure a consistent look and feel is maintained for the user of the site in the current and subsequent sessions.
Category 3: functionality cookies
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. The information these cookies collect cannot track your browsing activity on other websites.
- Remembering settings a user has applied to a website such as layout, font size, preferences, colours etc.
- Remembering a choice such as not to be asked again to fill in a questionnaire.
- Detecting if a service has already been offered, such as offering a tutorial on future visits to the website.
- Providing information to allow an optional service to function such as offering a live chat session.
- Fulfilling a request by the user such as submitting a comment.
Category 4: targeting cookies or advertising cookies
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator's permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
- Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to the user. The site the user is visiting need not actually be serving adverts, but often this will also be the case.
- Cookies placed by advertising networks in conjunction with a service implemented by the website to increase functionality, such as commenting on a blog, adding a site to the user's social network, providing maps or counters of visitors to a site.