Are you cookie compliant? EU regulators to audit websites this week

What's happening?

In July, the French CNIL announced that an EU-wide compliance initiative called “European Cookies Sweep Day” would be carried out this week from 15 to 19 September 2014. The sweep is expected to involve EU data protection authorities conducting a widespread review of whether consumer facing websites have taken steps to comply with the laws governing the use of cookies.  

What does this mean for retailers? 

The use of cookies and behavioural tracking is inextricably linked to privacy-related issues which continue to cause concerns to individuals and regulators, grabbing headlines on a regular basis. Customers will treat websites that are not transparent about these practices with caution. In addition, data protection authorities may take enforcement steps against websites that have failed to comply with the applicable laws – sanctions range from jurisdiction to jurisdiction but can include monetary penalties and public enforcement notices. To what extent authorities publicise their findings and the resulting impact on customer confidence and reputation will be key. 

Our top tips to help you avoid being a “bad cookie”

To avoid alienating your customers, deal with consumer privacy and trust issues upfront. First and foremost, understand what you need to do to fulfil your legal obligations by reading our top tips below.

We have also updated our “European guide to cookies”, which you can use to check whether your website is compliant.      

1. Know your regulator    

• Although there has been a concerted effort to harmonise the approaches taken across EU member states, key concepts (e.g. implied consent) are construed in markedly different ways and so ensuring your mechanisms are compliant on a local level is important.   
• To ensure that you are compliant with the laws applicable to your website, read our guide which contains country-specific guidance on the laws across the major EU Member States.                  

2. Conduct a cookies audit                    

• Consider the following: What types of cookies are you using? Why are you using them? How do they work? How intrusive are the cookies? Do they link to other information collected by users?                   
• This information will help you determine the steps you need to take in order to comply.            

3.  Check your consent mechanisms

• Regulators are expected to pay close attention to the use of consent-capture mechanisms.
• Consider carefully the requirements around the timing and methods of obtaining consent.
• Read the relevant sections of our guide to help you understand the main issues around consent.

4. Be honest

• Ensure your cookies/privacy policies are clear, comprehensive and readily accessible to help ensure valid consents are captured and instil a sense of trust in your customers.