A cookie is a chunk of data stored in your browser/device as a small text file by a website when a page is visited. This data is then sent back to the website on subsequent visits or when you navigate different pages within the domain. This enables your browser to remember if you are logged in to the site, if you have visited the site previously and to remember your preferences for the site.
Cookies can only contain data and not code so therefore cannot carry viruses or install malware on a computer.
The International Chamber of Commerce has separated cookies into four categories:
1. Strictly Necessary Cookies
These cookies allow access to services a visitor has specifically asked for like a shopping basket or e-billing. These make the website work, so there is no opt-in required.
2. Performance Cookies
These cookies track things like site analytics (page visits, error messages, bounce etc.) and, although aggregated and anonymous, require opt-in.
3. Functionality Cookies
These cookies allow a site to remember things like login details, geocaching (e.g. using specific currency), the ability to comment on a blogpost and personal preferences like font size. These can be anonymous and won't track usage on other sites, but must be opt-in.
4. Targeting/Advertising Cookies
These cookies are sometimes known as third-party cookies. These are cookies being created by a different domain than that in the address bar. For example, this happens when a website has an advertising banner on it. The advert sets a cookie which then allows the advertiser to track the user across all the sites on which they advertise.
When I log into Facebook the ads displayed in the sidebar by Google show adverts for knitting sites and products. This is because I have previously Googled searched “knitting”, and when I did this Google set a cookie which stored this data and remembered it later on Facebook - targeting cookies. These are the main reason the law was implemented and must be opt-in.
Your website is probably much smaller than Google and doesn't store cookies in this specific way, but will still use necessary, performance and functionality cookies to track visitors to your site. If you use social media plugins like a Twitter stream on your site or have any advertising from a third-party it will also be using advertising cookies too.
What is the law?
I'll start with the bottom line: You have to demonstrate that you are actively seeking visitors' permission to set cookies.
I.e., most cookies must be opt-in.
The law was introduced by the Information Commissioner's Office (ICO) in May 2011 and website operators have until May 26th 2012, when the law goes active, to comply.
What do I need to do?
In short, you need to demonstrate that you are actively seeking permission to set cookies! For bigger sites, we would recommend that you do a quick Cookie Audit to see what sorts of cookies you are using, and they will then suggest the best way to comply with cookie law for your site. For smaller sites, there are a few different ways you can demonstrate seeking permission.
How do I do it?
Here's another one:
This is a free, easy to use resource:
If you would like SubHub to fully install this for you for a one-off fee of $97 then don't hesitate to contact firstname.lastname@example.org
For more information about cookies and what they do visit http://allaboutcookies.org
To read the ICC's complete guide to compliance visit http://www.international-chamber.co.uk/components/com_wordpress/wp/wp-content/uploads/2012/04/icc_uk_cookie_guide.pdf
Some other useful sites: