Ever since the new cookie law has been passed by the European Parliament, all website owners and experts have been wondering how to ensure that they and / or their clients comply with them.
Most worryingly, two months after the new law came into effect, there does not seem to be any clear guidelines.
The confusion has been such that the EU Parliament has decided that nobody will be punished for non-compliance during the first 12 months and the UK government has even decided to spend the next year looking at the laws before implementing them here.
The main issue seems to be the part of the new law which requires websites to gain consent of the user in order to be able to use cookies to track their visit.
The most obvious solution would be to show visitors a pop-up as soon as they arrive at a website asking them to either opt-in or out from having a cookie installed on their machine. This however could seriously damage user experience for many people. The last thing we all want is pop-ups every time we go from one site to another.
An alternative resolution being suggested for websites is to display a permanent message letting people know what cookies are used by on them. All visitors should be able to see the information and have an option to either agree to it or not. If they choose to disagree, then no cookies will be used in that users' session. It is definitely less intrusive than pop-ups, but once again would damage the aesthetics of many websites and could hinder visitors' online experience.
Another issue many people have pointed out is the fact that e-commerce businesses rely on analytics data gathered by cookies in order to see how their customers behave when using their online shops. It enables them to know how those consumers found the site (through search engines or link from another website), where they are based geographically, how many pages they looked at, which products were looked at the most, etc. If, as expected, most users were to not allow such cookies to be used during their visits, then businesses will have to trade blindly or with very limited intelligence.
The Information Commissioner's Office (ICO) has issued a guide (link), which explains how to go about establishing whether the cookies you use are intrusive. This should then help you determine what type of consent you'll need to obtain from your visitors. Certain "non-intrusive" cookies may only need to be specified in Terms & Conditions.
The most challenging area is where websites use third party cookies (usually for video streams or for advertising networks). The ICO does not give any clear guidelines on this, only saying that website owners should try and do as much as they can in order to inform people of those cookies.
In this 12 month long review phase companies and individuals are being asked to find out exactly what cookies they use and what information is gathered by them. They should also come up with ways in which they plan to gain consent. Those website owners who do nothing risk being punished.
You should monitor ICO's website for any updates on this issue and start working on ways in which your website can comply with this law.