Internet browser cookies: The monstrous legal risks for website owners

Google does it – and was sued. Facebook does it – and was sued, more than once. Most websites do it – every day, without even knowing it!

 

We’re talking about dropping internet browser “cookies”. This used to be an arcane detail of internet programming. But things are changing.

 

Cookies are not an issue in Australia yet, but it’s coming

 

Australia does not yet have laws that require explicit consent before you deploy or “drop” a cookie in your website visitor’s browser. There are no requirements in place to even notify the visitor of a website that cookies are being used by a website. The use of cookies is governed, to some extent, by the Australian Commonwealth Privacy legislation, but there is currently no regulation in place that specifically targets cookies.

 

However, there was a good deal of discussion last year regarding whether Australia should adopt a procedure similar to the UK, which requires notification when a cookie is dropped. It is being regularly reviewed and discussed and with overseas laws changing fast and more legal cases arising in the US (Facebook, Google, etc.) it may only be a matter of time.

 

For the time being no notification requirement exists. So if you use cookies on your website, for any purpose, you don’t need to let visitors and users know – for now.

 

Educate yourself about what cookies your website uses

 

If you have a website or an online business you should know:

  1. What cookies your website directly and indirectly uses
  2. How to enable and disable these cookies
  3. What specific functionality these cookies provide, and
  4. Which countries your website visitors and users come from

 

It’s not just your website that might be dropping cookies on your visitors’ browsers. Your website analytics, shopping cart software, online advertisers, etc, might also be deploying cookies via your website.

 

Best practice would be to inform any visitors and users of your site that cookies are being used and specifically what information is being collected and how it is being used.

 

If your website is used overseas, you need to comply with their regulations

 

The EU and UK, in particular, have what would be considered strict cookie laws in comparison to Australia and the US. The UK tried last year to implement a stricter approach by requiring online businesses to have any visitors to their site actively agree to the use of cookies.

 

However, there was such a backlash from businesses claiming it was un-commercial and posed a barrier to potential customers, that this requirement was withdrawn. Despite this, there is still a requirement that websites notify visitors when cookies are being used.

 

As a result, if you have a website that either targets or is visited by UK residents or other visitors from EU countries, you need to meet their local cookie requirements. This would mean putting up a clearly visible cookie notification statement on your website.

 

And keep up-to-date with this issue

 

Google, Facebook and Microsoft are all looking at ways to control the next iteration of cookie software. The demographic and advertising information that is gathered via cookies is extremely valuable and whoever controls this will have an advantage in the internet of the future. Those that lose out on this information may have to pay for it instead.

 

The cookie discussion is only just beginning in Australia. In the months to come we will all become a little more familiar with the in-and-outs of cookies and cookie legislation. So make sure you keep up and ensure that your online business is complying with the latest directives.

COMMENTS