In general, we set up Google Analytics to look at user statistics for a website, and this facility sets cookies. The cookie data is anonymous in that it doesn't identify a user directly, only their use of the site and other non-personal information. Some sites also use Adobe Typekit fonts, and Adobe sets a cookie related to this.
We use compliance software that allows acceptance of cookies, refusal of cookies, and a link to get more information. For a website to comply with the law, and to quote the Information Commisioner's Office website:
“You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent can be implied, but must be knowingly given.
There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).
The same rules also apply if you use any other type of technology to store or gain access to information on someone’s device.”
Whilst it isn't a legal requirement to follow the legislation on digital accessibility, trying to adhere to the guidelines where possible is a good thing. The British Standard for Web Accessibility (BS 8878) is designed to help organizations improve their websites, making them easier to use for everyone. Whilst not claiming to comply with the standard, sites are designed with it in mind as an ideal goal.
Where possible, sites are constructed so as to be compatible with a wide range of assistive technologies, and to work with as wide a range of browsers as possble, although some older browsers will have problems with modern web standards. Usually the site will break in a way that is gentle and non-catastrophic when using old browsers, with aesthetics being the main item to suffer, rather than important content.
GDPR — General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a set of EU-wide data protection rules that have been brought into UK law as the Data Protection Act 2018. For most small business, the overall effect will be minor, but any business that collects the personal data of customers and individuals via a company website will need to have explicit consent to do this, and a mechanism whereby that consent can be withdrawn.
Cookies. The obvious thing to ask is, what are cookies?
Cookies are small bits of information that websites use to record things for later retreival, and they are stored by your browser. The browser maintains a list of the cookies that it has stored and manages their later retrieval by the site that set them if required, on the next visit to that site. If properly secure, cookies from one site should not be readable by other sites, unless there is a deliberate association between the sites.
What is the law regarding these cookies?