Dotbiz by Andrew McEwan

Cookies are small pieces of code that, depending on your browser settings, can be put on your computer by websites that you visit. They can be used for a variety of reasons.

For example, if you go to a website that you’ve used before and find that it already knows who you are, that’s because it has previously left a cookie on your computer. For some sites cookies are essential for the website to work properly. If it wasn’t for cookies you wouldn’t be able to shop online – cookies store details of what’s in your shopping basket as you go from page to page.

Probably the most common use is for website analytics – the process of gathering information about visitors to sites, where they are in the world, how they came into the site, what pages they look at, and so on. In the vast majority of cases, none of this analytics information is associated with personal details – it’s purely anonymous. Some other cookies, though, can be used to build up detailed profiles of people’s browsing habits, and it’s mostly down to this type of cookie that changes are afoot.

If your website uses cookies, you’ll need to be aware of a new EU directive that came into force in May of this year. Before, if you used cookies had to:

z tell people how you are using cookies, and

z inform them as to how they could ‘opt out’ if they had objections.

Most sites have done this by including details about cookies in their privacy policy and giving people the possibility of ‘opting out’. However, now some bright spark in Europe thinks it is great idea to have to gain permission from the user before any cookie is placed on their machine. It’s a classic example of someone coming up with a directive that, however well intentioned, fails to think through just how it is going to be implemented.

There is an exception and this is if the cookie that is being placed is “strictly necessary” for the site to do what the user wants. Now, this is a pretty narrow exception, but the most obvious example is shopping sites. If the user does not allow cookies to be used, then they won’t be able to even add an item to their basket.

The government department tasked with overseeing implementation of the directive in the UK is The Information Commissioner’s Office, and if you go to their website at you can see how they have elected to gain just such permission using a message at the top of the page which will not go away until the user acts on it. Effective it may be for a purely functional, information site like this, but trying to implement such techniques on other, more design-led sites is causing a furore.

If you think that your site could be breaching this directive or you’re not even sure if your website uses cookies, don’t panic! In the UK we have 12 months grace to make the necessary changes to comply. Saying that, though, there will no doubt still be countless sites in the UK where the owners either don’t know about the new directive or how to go about making sure their site conforms. There is also still a lot of debate as to exactly what permission you need to seek, when to seek it and to how to go about doing it.

So, what can you do? Find out if your site uses cookies, what kind of cookies they are and if you actually need to use them at all. You can then work towards implementing whatever technique is best suited to your site for gaining users’ permission.

Saying all that, let’s not be surprised if the UK powers-that-be suddenly decide that enforcing this directive is not going to be practicable, and we can all stand at ease. I’ll not hold my breath, though.

Andrew McEwan of The Web Workshop in Morebattle ( designs websites, builds brands, produces videos, and markets businesses in the Borders and beyond.