“Not again!” is bound to be a common reaction to this topic. I’ve blogged about it twice already this year, after all…
Jan 11th – Cookies and your Website
Mar 16th (yes, only 2 weeks ago) – Cookie Audit
Why write again so soon? I seriously considered not doing so, but this Econsultancy article is just too important to ignore.
What’s changed?
If you remember, the advice so far has been that most cookies are deemed ‘non essential’ and so consent should be sought before placing them on a user’s computer. Most controversially, analytics cookies have been included in this category, with products such as Google Analytics looking likely to be deemed irrelevant at a stroke if every company decides to follow the letter of the law.
With the deadline for compliance less that two months away, my advice was for you to put plans in place to start utilising an alternative product, so that once the ICO start challenging the higher-profile non-compliant companies you can implement the change pretty rapidly.
Lack of clarity
I don’t think anyone really expected this situation to change much in the interim period, and clarity would only be achieved once prosecutions started to flow.
Then the Government Digital Service decided that it could decree analytics cookies to be essential to their business, and non-invasive from the customer’s point of view. Yes, another arm of the government is taking a contrary view to that of the ICO. Oh to be a fly on the wall of the ICO’s office when that news filtered through!
Are analytics cookies OK now?
No-one knows for sure if the ICO will challenge this view. Maybe next week that too will have changed (and I’ll have to find yet another cookie image). For now we’ll have to assume that the waters will stay muddied.
Thus, whilst it seems a little more likely now that analytics cookies will escape the net, I still think it sensible to produce a plan that includes replacing your analytics package.
No change then?
Not really, you should still consider the retention of analytics cookies a significant risk, and be ready to remove them in a controlled but rapid manner if the ICO start getting heavy-handed.
Any other non-compliant cookies on your site will remain non-essential, particularly those insidious 3rd party advertising ones that creep in where you least expect them. You should be seriously considering taking action to remove them regardless of the status of analytics cookies.
You should also be looking at means by which your website can gain consent should you decide you want to leave some cookies on there.
As before, our Website Cookie Audit package can help you put a plan in place for a time when you may need to take action.
If you need a “Plan B” and run a Windows IIS based website, then my low cost “Cookie Free Analytics” solution may be of interest.
Best of both worlds, keep using Google Analytics without the worry of cookies.
Looks an interesting solution, Dave. Unfortunately my customer’s sites are all on a LAMP infrastructure.