More info on cookies

At Recursive Software we try to be as clear as possible when concerning important matters such as privacy: on this page you can find all the information you need on the matter.

Should you have further questions, don't hesitate to ask.

What is the EU Cookie Law?

On May 26th 2011 a new EU originated law came into effect that aims to protect the privacy of web users by requiring that websites request permission to use certain types of cookie. In the wording of the law, only cookies that are ‘strictly necessary’ may be used without first gaining user consent. This means that sites wishing to use cookies for tracking customer behaviour would require consent before placing them on the user’s machine. The effects of this law will be profound and far reaching. In the UK, Information Commissioner’s Office (ICO) have given UK businesses 1 year from May 26th 2010 to become compliant with this law or face legal action.

Is my website compliant with the EU cookie law?

Yes. At Recursive we strictly implement all EU guidelines, and if you are reading this page, chances are that your web page just got updated automatically through our content-delivery network. The content of this page is mostly available to provide correct information regarding this matter.

When does the EU Cookie Law come into effect?

As of May 26th 2012 websites wishing to use tracking cookies, or cookies to provide functionality for providing personalised content, such as advertising, will need to devise a method of notifying the user of their wish to use such a cookie and gain explicit consent for doing so – merely placing a disclaimer in the site’s T&C’s is not adequate.

What is a cookie anyway?

Let’s get one thing absolutely straight – cookies are not ‘bad’, ‘wrong’ or ‘evil’ by nature, however they can be used for nefarious purposes. We’ll ignore the various ways cookies can be used for hacking as that’s not what the EU Cookie Law is about. The EU Cookie Law is all about privacy, and thus is largely targeting tracking cookies. Again, tracking cookies are not ‘bad’, but some people object to being snooped on while they browse websites without being warned of this in advance and given the option to ‘opt-out’ of said tracking. There are various less than ethical uses of tracking cookies, for example an advertising supplier tracking users across multiple websites, that are particularly frowned upon, but no legislators have a particular problem with websites collecting anonymous usage data for the purposes of business reporting and user experience improvement. They just want you to warn your customers when you are doing this, and give them the option to opt-out should they wish to do so.
So, what types of cookies are in question? Generally speaking, you could make the following, very rough, distinction:
Consent not necessary
Any cookie that, were it not for its presence, the website would cease to be usable, for example a session cookie that maintains the contents of a customer’s basket through the checkout process. That said, if you were to use this same cookie to track customer behaviour without asking them first, then this would require consent.
Consent necessary
Any cookie not ‘strictly necessary’ for the running of the site, for example Google Analytics tracking cookie or the cookie created by the company that servers banner advertising on your site.

Does the user have to give consent on every page?

No. Consent only needs to be given once per cookie or cookie type, preferably when it^prime;s planted. If that cookie has a limited lifespan then consent would not be required when resetting that cookie. If different parts of your site used different cookies for different purposes then consent would be required for each. Provision will need to be made for opting out of a cookie previously opted in to, and it would be wise to make provision for the inverse too.