Web cookie and privacy policies

If you are using cookies or Google Analytics on your website or blog you need to read this article. And for anyone who still thinks cookies are a treat with a tea or coffee, go speak to your web developer and then read on!

I was prompted to post this article after reviewing a client’s website a couple of weeks ago. I discovered that the client had no privacy policy yet was actively collecting and using visitor data. Now it’s easy enough to rectify, but the important thing to note is that no one – not even a small business – is exempt from compliance with new regulations governing web marketing, the collection of customer data and tracking of online customer behaviour.

New European Union privacy regulations came into effect back in May. These new regulations mean that, as the owner of a website, you must obtain consent before using cookies to capture specific visitor information. Following a link in an email that you’ve sent to a customer could place a cookie on their computer, and just visiting your website or filling out a form will involve the use of cookies.

So this is where the privacy policy comes in. Visitors to your website must be given the choice to opt in to any web experience that involves the collection of any personal information that will be stored in cookies; simply informing visitors about how cookies are used is no longer acceptable.

So do please make sure that:

1. you have a privacy policy in place

2. your privacy policy reflects the new regulations and offers the choice to opt in.

If you’re unsure of the wording for your privacy policy, take a look at what other companies do. You might also want to consider buying one that has been drafted by a solicitor – Clickdocs is well worth a look. Getting permission could be as simple as a check box or a pop-up registration form. As long as you have obtained consent from your visitors your website will be legitimate.

It is early days for these new regulations, and there will be developments over the coming months as the UK establishes formal laws to regulate and enforce the EU directive. The UK has a grace period of one year, so there’s no need to panic just yet, but now is definitely the right time to start reviewing and adjusting your marketing practices. And if your market extends beyond the UK you will need to be aware that permission requirements may well vary from one EU country to the next.

I’ll be monitoring developments as they happen and will report back, so do keep checking this blog for further information.

Do you have a privacy policy in place? How will you deal with the new requirements? It would be good to share best practice so do let me know.

Photo credit: Grant Cochrane