New EU Cookie Legislation and Actinic Software
“Implied consent” is now required from website users for the use of “non-essential” cookies and data tracking.
What does this mean to you?
NOTE: There are still unanswered questions surrounding this and the ICO has confirmed that it will not be actively pursuing websites and website owners, nor handing out fines, as long as the respective websites are working towards compliance.
So, on to the technical stuff…
What is a Cookie?
Cookies are small files that a website may place on a user’s PC. These files store information that may be needed while a customer browses the site or when they visit it in the future. The information may be personal data or anonymous data, for example pages previously visited or items stored in a shopping cart.
New Regulations for Cookies
A change in EU regulations now requires that, before using any cookie that is not ‘strictly necessary’ for the functioning of the site, the site owner must obtain consent from the user. There is still confusion as to how this will be interpreted in law, for example the recent eleventh-hour amendment changing the required consent to “implied” consent.
(teclan can give similar guidance for other platforms on request.)
At the moment, there is no indication that Actinic sites will be affected by the application of the new law. This situation is constantly being monitored.
Currently, Actinic software uses the following types of cookie:
- Actinic_Cart – This is excluded from the scope of the regulations, as it records the session file of the shopping cart.
- Actinic_Business – The login digest for logged-in customers.
- Actinic_Contact – The Checkout ‘Remember Me’ function: contact information saved to avoid re-entering it on subsequent orders.
For both of these cookies, consent is obtained before use, provided that the Terms and Conditions are enforced at the Checkout (the default setting) and that the default cookie statement in the Terms and Conditions is retained.
- Actinic_Referrer – This cookie returns the customer to the last page visited after checkout is complete.
- Last_Section_URL – Used by the ‘Back’ link on the Product Page, this returns the customer to the correct Section page.
- Actinic_Recent – If enabled, records the image filename(s) for the ‘Recently Viewed Products’ list.
- Cart_Content – In the shopping cart summary, stores the cart value and item count.
These cookies are necessary for the correct functioning of the associated elements of the site. None of the four above store personal data. Actinic_Referrer and Last_Section_URL expire on closing the browser. For Actinic_Recent and Cart_Content the expiry period is set in Web/Configure Expiry Periods.
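To make the inventory above concrete, here is an added example (not teclan’s plug-in and not Actinic’s own code) that parses Set-Cookie headers and checks them against the cookie list on this page; the category labels, the function names and the sample headers are this example’s own assumptions.

```javascript
// Cookie inventory as listed above; the category labels are this example's own:
// "exempt" falls outside the consent rule, "consent-at-checkout" relies on the
// Terms and Conditions at checkout, "functional" cookies hold no personal data.
const INVENTORY = {
  Actinic_Cart: 'exempt',
  Actinic_Business: 'consent-at-checkout',
  Actinic_Contact: 'consent-at-checkout',
  Actinic_Referrer: 'functional',
  Last_Section_URL: 'functional',
  Actinic_Recent: 'functional',
  Cart_Content: 'functional',
};
// Constructed sample Set-Cookie headers (not captured from a real shop).
const SAMPLE_HEADERS = [
  'Actinic_Cart=abc123; Path=/; HttpOnly',
  'Actinic_Referrer=/shop/page.html; Path=/',
  'Cart_Content=2|19.98; Path=/; Max-Age=604800',
  'analytics_visitor=xyz; Path=/; Expires=Wed, 01 Jan 2014 00:00:00 GMT',
];
// Parse one Set-Cookie header; attribute names are lower-cased, flags become true.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}
// Known names get their inventory category, anything else is flagged for review;
// a cookie with Expires or Max-Age is persistent, otherwise it is a session cookie.
function auditCookies(headers) {
  return headers.map(parseSetCookie).map((c) => ({
    name: c.name,
    category: INVENTORY[c.name] || 'unknown-needs-review',
    persistent: 'expires' in c.attrs || 'max-age' in c.attrs,
    httpOnly: c.attrs.httponly === true,
  }));
}
// Worth a second look: cookies not in the inventory, plus persistent cookies
// outside the exemption (check the expiry set in Web/Configure Expiry Periods).
function cookiesNeedingReview(headers) {
  return auditCookies(headers)
    .filter((r) => r.category === 'unknown-needs-review' || (r.persistent && r.category !== 'exempt'))
    .map((r) => r.name);
}
```

Running `cookiesNeedingReview(SAMPLE_HEADERS)` on the constructed headers flags the persistent Cart_Content cookie for an expiry check and the unlisted analytics cookie for a consent review.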
The Implementer Guide to Privacy & Electronic Communications Regulations (PECR) for Public Sector Websites states:
“Provided clear information is given about their activities we are unlikely to prioritise first-party cookies used only for analytical purposes in any consideration of regulatory action”
Data Protection Law – Ecommerce
Data protection laws dictate how businesses and other organisations make use of personal information. The Data Protection Act 1998 has eight data protection principles:
Personal information must be:
- Processed fairly and lawfully
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with the rights of individuals
- Not transferred to other countries without adequate protection
‘Processing’ is defined as virtually any action carried out on a computer, including obtaining, recording, holding, processing and analysing personal information. Further advice can be found on the Information Commissioner’s Office (ICO) website.
Data Security – The business must have appropriate security measures in place to protect personal information against unlawful or unauthorised use or disclosure.
The only exception to this rule is if the Police ask the business for information on an individual, or the information is necessary for a court case or tribunal.
An online merchant should ensure that their people-related systems are in place and monitor them regularly, as it is easy to let data security slip into the background. Become PCI compliant (Payment Card Industry Data Security Standard); the alternative could result in costly fines, recovery-related costs and brand/reputation damage. (Validation is carried out annually, by an external Qualified Security Assessor for large volumes of transactions or by a Self-Assessment Questionnaire (SAQ) for smaller volumes.)
How can teclan help?
teclan have developed and tested a solution for Actinic V11 to this problem, and we are making it available exclusively to teclan’s Actinic customers.
Click here to download our Cookie Consent Plug-In.
If you have an older version of Actinic, upgrade today by visiting Actinic V11 or contacting the teclan team.