What do councils need to do to be cookie compliant?
Legal compliance on cookies is covered in regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR). The Information Commissioner’s Office (ICO) is responsible for enforcing the rules, which require you to:
- tell people the cookies are there
- explain what the cookies are doing and why; and
- get the person’s consent to store a cookie on their device
How can councils enhance their cookie compliance beyond meeting the rules?
Having reviewed cookie compliance on a number of council websites, I recommend that web managers and web teams read and follow the advice from the ICO and check whether their website meets PECR guidelines. Read the advice in detail and make sure you understand it. If you don’t, seek advice from your council’s legal team.
Beyond this, I would advise revisiting cookie compliance on your website, as privacy really matters. This is particularly important if you don’t use a cookie module to manage cookie consent and just list the relevant cookies that people should be aware of. It is easy to generate a list of cookies and then forget to review it. Over time, as the website develops, you are likely to add new services, which may set additional cookies that need to be added to your cookie list.
Equally, you may remove services, and any associated cookies then need to be removed from your cookie list. A good example of this relates to cookies associated with the SOCITM Satisfaction Service. This service used to be used by a large number of councils to help measure user satisfaction with their websites. The service no longer exists and hasn’t for well over five years, yet its cookie information still appears on the cookie list of a number of councils. If you are one of these councils, I’d recommend that you remove it.
Whilst you are doing this, carry out a cookie audit to ensure that your cookie policy is up to date. Schedule this into your work programme so that it doesn’t get missed, and make sure that you revisit it periodically.
I’d also recommend reviewing the accessibility and usability of any cookie compliance module that you have in place.
Other things you can do to improve your website’s cookie response:
- Consider ways to improve the prominence of cookie information, as cookie banners need to be prominent and easy to read.
- Don’t emphasize accepting over rejecting cookies, as this is a non-compliant approach.
- Test that cookie consent enables users to disable and enable cookies.
- Review the accessibility of your cookie compliance module and fix any issues that arise.
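A minimal audit of the kind described above, as an added example that is not part of the original post: it compares a published cookie list with the cookies a site sets after a visitor accepts and after a visitor rejects. The cookie names, the captured headers and the `optional` flag are constructed assumptions, and a cookie missing from the list is treated as optional until it has been classified.

```python
# Added example: all cookie names and headers below are constructed sample data.
def cookie_names(set_cookie_headers):
    """Return the cookie names found in raw Set-Cookie header values."""
    names = set()
    for header in set_cookie_headers:
        # The name=value pair is everything before the first ';'.
        name, sep, _value = header.split(";", 1)[0].partition("=")
        if sep and name.strip():
            names.add(name.strip())
    return names

def audit(declared, after_accept, after_reject):
    """Compare the published list with cookies observed in both consent states.
    declared maps cookie name -> {"service": str, "optional": bool}; the
    "optional" flag is an assumption of this example (True = needs consent).
    """
    rejected = cookie_names(after_reject)
    observed = cookie_names(after_accept) | rejected
    listed = set(declared)
    return {
        # Set by the site but missing from the published list (new services).
        "undeclared": sorted(observed - listed),
        # Still on the published list but never set (retired services).
        "stale": sorted(listed - observed),
        # Optional cookies that appear even after the user rejects; a cookie
        # that is not on the list is treated as optional until classified.
        "set_despite_reject": sorted(
            n for n in rejected if declared.get(n, {"optional": True})["optional"]
        ),
    }

DECLARED = {
    "cookie_consent": {"service": "consent module", "optional": False},
    "_ga": {"service": "analytics", "optional": True},
    "satisfaction_survey": {"service": "retired survey service", "optional": True},
}
AFTER_ACCEPT = [
    "cookie_consent=accepted; Path=/; Max-Age=15552000; SameSite=Lax",
    "_ga=GA1.2.1111.2222; Path=/; Max-Age=63072000",
    "chat_session=abc123; Path=/; Secure; HttpOnly",
]
AFTER_REJECT = [
    "cookie_consent=rejected; Path=/; Max-Age=15552000; SameSite=Lax",
    "_ga=GA1.2.1111.2222; Path=/; Max-Age=63072000",
]

if __name__ == "__main__":
    for finding, names in audit(DECLARED, AFTER_ACCEPT, AFTER_REJECT).items():
        print(f"{finding}: {names}")
```

In practice the two header lists would come from your own site, captured once after accepting and once after rejecting in a fresh browser profile.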
Finally, when you are reviewing your cookie compliance, review the module itself. Does it need updating, or is it worth reviewing other modules to make sure that you are using the right one? When I first set up this website, I must admit that I was tempted to add a free service offered as part of the website setup. It ticked a box by adding a cookie module, but it wasn’t fully compliant and it certainly didn’t meet all the points that I have raised in this blog post.
Having resisted the temptation to implement the first cookie option that I saw, I promptly took the time to review the marketplace and find a more appropriate solution. I chose Digital Control Room as their cookie module was the best match to my requirements. Their product stood out from the ones that I reviewed and the support that they provided was greatly appreciated. They answered all of the questions that I raised with them and they guided me through the various steps involved in setting up the cookie module. This included matching the design of the module to my website, changing the text that appears on the cookie banner and checking that the cookie information was correct and informative to users. They also provided a full preview of the service so that I could review it and make incremental improvements before making it live by simply adding a single line of code to my website.