Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Best options to comply in UK Cookie Law?

Tags:

cookies

Just to be clear, I am not asking for legal advice, I am asking what technical implementations are best to allow users to turn off all or certain cookies on my sites?

Ideally the user should be able to opt out of optional cookies, so how can this be implemented? For example, how do I turn off Google Analytics cookies on a per user basis - and how do I store this users' preferences - if not in a cookie itself?

like image 493
Kilizo Avatar asked Jun 19 '12 15:06

Kilizo


2 Answers

You don't store any cookies, unless the user agreed (as the BBC does).

That means that unless you have the cookie that tells you that the user agreed, you don't emit the Google Analytics javascript or any other third party (or your own) code that will store cookies (whether done in javascript or on the server side).

like image 83
Oded Avatar answered Sep 29 '22 02:09

Oded


Take a look at the website for Number 10 Downing Street. To me, their compliance is pretty flaky in terms of making the user aware of cookies on the website, but click on the cookies link in the top right corner and you're given plenty of information on what cookies are being stored.

The law doesn't mean you can't use cookies, more that the user should leave the website if they don't want to be tracked. This specific piece of text on their privacy policy is quite interesting and may be enough to cover the functionality you're talking about:

To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.

If this approach is good enough for the Prime Minster - who would surely need amongst the most compliant websites out there for security, privacy and accessibility - it should be good enough for anyone.

like image 22
cchana Avatar answered Sep 29 '22 03:09

cchana