Changes to the Privacy and Electronic Communications Regulations - Cookies
We wish to inform you of the recent changes to the Privacy and Electronic Communications (EC Directive) Regulations affecting websites and to request that you take action to ensure the compliance of your Department’s and affiliated sites.
The amendments to the Privacy and Electronic Communications (EC Directive) Regulations in May 2011 seek to make it easier for visitors to web sites to understand what kind of information about them is being created and stored as a result of their visit. In particular, some of this information is stored on the visitor's own computer, in the form of small text files called cookies. The new legislation requires web site providers to make it easy for visitors to understand what cookies are created by the web site and for what purpose, to agree to this, and, in some circumstances, to be able to opt out of receiving such cookies. Therefore, there are three steps that web site providers at Warwick should be taking:
- Make sure that you know and can list all the cookies which your web site creates. This may include cookies which are essential for the functioning of the site (eg. cookies to record the fact that the user is currently signed in), minor preference cookies (eg. text size) or cookies for analytics or tracking purposes. If you embed third party content such as YouTube videos, Facebook 'Like' buttons, etc. then viewing or clicking on this content may also cause the third party site to set cookies, and you should record this too, though you are not responsible for providing opt-out or other services relating to third party cookies - that's the third party's job.
- Once you have such a list of cookies and their purpose, you should publish it on your web site, and make it easy for visitors to your site to find the list. Our recommended format at the moment is to have a link entitled simply 'Cookies' which you put on every page of your site in whatever site-wide navigation you have - header, footer, side-bar, etc. For a short time after the introduction of this link, you might choose to make it more prominent than it will eventually be in the longer term.
If your only web presence is delivered through SiteBuilder, the University's web publishing tool, then in almost all cases, you need take no action. Your pages already have a link labelled 'Cookies' in their footer, and information about the cookies which are used by SiteBuilder generally is available by clicking on that link. The only exception might be if you have written your own code which sets additional cookies specific to your pages, or you embed content from an unusual third party (e.g. not Facebook, Twitter, YouTube, Google in your pages). The vast majority of SiteBuilder users don't do either of those things, and therefore need take no action.
Further detailed guidance is available here as a download (Guidance on the Privacy and Electronic Communications (EC Directive) Regulations v 1.1) and the Legal Services team is able to offer support on wording of privacy policies (email@example.com). Requests for technical advice and assistance should be raised via the IT Services Helpdesk (firstname.lastname@example.org or ext 73737)