Help Centre

Support > Designing and Building Your Website > Adding Your Content

EU Cookies Law and How To Ensure a Website Complies With It

Cookies are very small text files that websites install on visitors’ devices for a number of reasons, such as to enable shopping baskets to work correctly and, at the other end of the spectrum, to allow advertising to become more targeted and personalised.

Cookies cannot harm your device at all, and they can make the internet incredibly easy to use, but obviously it’s only fair that it should be up to the visitor whether they accept these cookies or not. All Internet browsers, such as Google Chrome and Internet Explorer, have an optional setting to disallow these cookies, but it’s felt by legislators that greater education of web users about cookies and what they do is required, especially in an age in which online privacy is becoming more and more significant. This is why the EU Cookies Law has come into place.

What is the new EU Cookies Law and why is it needed?

The EU Cookies Law (officially known as the e-Privacy Directive) is a European law that was passed in Europe in 2011 but only came into force in the UK on May 26th 2012.

From this date, websites which include features that place cookies on a visitor's device must advise the visitor that this is occurring. The least intrusive way of doing this is by changing the name of your 'Privacy Policy' page to 'Privacy & Cookies', and updating the text to state which types of cookies are being set by your website.

The law was designed to stop privacy invasion and the tracking of the identity of visitors on a mass scale, particularly by large organisations who may be attempting to collect swathes of information about their visitors’ browsing habits without their knowledge. The law also aims to ensure that the public are more aware of cookies and what they do.

In this article we’ve summarised the main points that will be of relevance to you as a customer of Create, particularly the four categories of cookie as defined by the International Chamber of Commerce, and what website owners should do when they are setting them.

What are the four categories of cookie and what should I do if I know my website sets them?

1. ‘Strictly necessary’ cookies

These are cookies that are necessary to place on the visitor’s device in order for the site to fulfil its primary function, such as cookies that enable the visitor to log in to an account or add things to their shopping basket.

For example, when you visit an online shop and put an item in your shopping basket, you’ll find that you can navigate away from that page and return later with the items still in your basket. That’s the cookie on your device remembering the contents of the basket. 

These are the only cookies that don’t, under the new law, require the website owner to notify the visitor about them. However, at their discretion, a website owner may wish to add details about the specific cookies their website sets, including 'strictly necessary' cookies.

If you know that your website sets these types of cookies, you may wish to add the following text to your 'Privacy & Cookies' page:

This website sets strictly necessary cookies. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

Create widgets and features that set 'strictly necessary' cookies: None. The Create shopping basket is innovative in that it does not set cookies at all.

2. Performance cookies

These cookies collect statistics about how visitors use a website, for instance where the visitor arrived to the site from, how long they spend there and which pages get visited most often.

Google Analytics is an example of a performance cookie. Website owners can collect information about their site using the Google Analytics cookie and then assess and make improvements to their site based on the results.

According to the law, website owners that place performance cookies on their visitor’s devices must update their Privacy Policy to include a notification that these cookies are being placed.

If you know that your website sets these types of cookies, you may wish to add the following text to your 'Privacy & Cookies' page:

This website sets performance cookies. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

Create widgets and features that set performance cookies: Google Analytics. If you are using our Google Analytics widget, we'd recommend that you include the above text or a variation of it on your 'Privacy & Cookies' page.

3. Functionality cookies

These cookies allow the website to remember choices a visitor makes (such as the visitor’s name, language or region) and provide enhanced, more personal features. For instance, a website may be able to provide local weather reports or traffic news by storing in a cookie the region in which the visitor is currently located.

Generally, these cookies do not track the visitor’s browsing activity on other websites, and the information they collect is usually anonymous. However, in some cases, cookies that perform these functions are used to tailor advertising to the visitor. For instance, if the cookies know where the visitor is, they know which local businesses to promote on the website. If this is the case, these functionality cookies will fall into the fourth category of cookie: Targeting cookies.

If you know that your website sets functionality cookies, you may wish to add the following text to your 'Privacy & Cookies' page:

This website sets functionality cookies. These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Create widgets and features that set performance cookies: Google Map. If you are using our Google Map widget, we'd recommend that you include the above text or a variation of it on your 'Privacy & Cookies' page.

4. Targeting cookies (or 'Advertising cookies')

These are cookies that sit on the visitor’s device and record their browsing habits and preferences. This information is then used to define visitor interests and therefore tailor marketing and online advertising to them.

For example, if you are logged into your Facebook account, every page you visit that contains a Facebook ‘Like’ button sends the fact that you’ve visited that page back to Facebook, which can use this information to make sure you only see advertisements on Facebook which are relevant to your interests. This occurs whether you decide to ‘Like’ the page or not.

Whether you consider targeting cookies a sneaky way of spying on you or a way of making sure you only see adverts that might interest you, it’s primarily these cookies that the new EU Cookies Law is trying to govern. The law attempts to ensure that visitors are aware that information is being collected about them and that this information will be used to tailor advertising to them.

If you know that your website sets these types of cookies, you may wish to add the following text to your 'Privacy & Cookies' page:

This website sets targeting cookies. These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

Create widgets and features that set performance cookies: Facebook 'Like' and Google '+1'. If you are using either of these widgets, we'd recommend that you include the above text or a variation of it on your 'Privacy & Cookies' page.

Note regarding Create's YouTube Widget: On May 25th 2012, we updated our YouTube widget to a compliant, cookieless version. To update to this version, just go to the YouTube widget, click the “Edit” pencil, click “Save Changes”, then republish your website. The YouTube widget will automatically be updated to our cookieless version and you won’t see any difference to the video or to your site. If you have already updated there is no need to do so again. Also, if you added the YouTube widget after 25th May 2012, there is no need to update.

We're happy to say that no other widget or feature supplied to you by Create will set cookies on your visitors' devices.

IMPORTANT NOTE: If you follow the above steps where appropriate, your website should be compliant with the EU Cookies Law. However,Create cannot take responsibility for the compliance of cookies placed by website features that were built using HTML fragments which were sourced externally (i.e. that did not come with the Create package). If you are concerned about cookies you know are set by externally-sourced features, we advise you to in the first instance contact the supplier of this feature and ask for advice concerning the feature and cookies it may set. Alternatively, you could contact the Information Commissioner’s Office (the department responsible for providing assistance with the EU Cookies Law) on 0303 123 1113 and seek advice on how to make these features compliant.

Please note that your Customer Account Manager will not be able to assist you with cookies set by externally-sourced features.

Ultimately, our advice is to take this opportunity to update or create your Privacy & Cookies page.We’d recommend browsing your site with the Mozilla Firefox add-on ‘Ghostery’ installed as this will tell you which cookies are set by each page of your site when you browse it.

We hope that this article has helped you to understand cookies and assisted you in your compliance with the new EU Cookies Law. If you would like more information on cookies and the law, here is some official further reading:

The ICO’s Official Article on Cookies: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx