How To Perform a Cookie Audit
The EU Cookie Directive 2012 is now in full force, and the Information Commissionaire’s Office (ICO) has already started sending out warning letters to large corporations.
The most important ePrivacy law this decade states that website owners must attain explicit consent for the use of third party and persistent cookies.
Start by arranging for your website to get cookie compliant by organising a website cookie audit, and privacy policy review.
There are a numerous free cookie audit tools on the market such as Optanon, or Attacat.
As thing stand there is no major stand-alone fully fledged cookie audit software or online cookie audit tools.
In many cases, for small and medium sized websites the first step is to carry out a Cookie Audit, to check the cookie compliance of a website.
In today’s world of tracking, retargeting, customisable settings, logged in and logged out experiences it comes as no surprise that the websites have, on average, 14 cookies per domain.
Start by clearing all cookies from your browser. Restart the browser and visit you website. From here you can go to Tools > Settings > Privacy and view all cookies.
Copy and paste the name of each cookie into a table, like below.
|
Cookie Audit Template – AddThis, Social Media Plugin |
|||
|
Cookie |
Type |
Usage |
Notes |
|
uid |
Session |
Generates a unique user ID |
First party |
|
di/dt |
Persistent |
Measures entrance and exists for user sessions |
Third party |
|
bt |
Persistnat |
Creates a profile of user interaction with websites and social media |
First & Third Party |
|
uvc |
Session |
Tracks visits |
First Party |
|
ssc/psc/uvc |
Behavioural |
Records user interactions actions |
|
|
loc |
Session |
Captures data from the HTTP header information |
First Party |
Once you have all the cookies listed the audit is nearly complete. It is useful to go through each cookie and check if it is “Strictly necessary”, a “Behavioural targeting Cookie”, or optional. Remove any scripts, plugins or processes which place unnecessary cookies on a user’s machine. Do this before updating the privacy policy, or adapting the website with a cookie law scripts or cookie audit software.
All up, a website cookie audit helps outline the types of files used, and how to get cookie consent from users for first, third, session or persistent cookies.
Check all cookies
- List the cookies
- Comply with the law by accounting the files
- Assess the role each cookie plays (necessary or optional)
- Make a decision about technical implications of altering the role cookies play
- Update the Privacy policy to reflect the new cookie law, and/or use of a cookie directive script or plugin.
Determine the exact functionality of each cookie, and state this for the user. A website is part way to cookie compliance - as soon as the audit is complete.
Explicit or implied consent to get cookie compliance
At the 11th hour the ICO published new guidelines for the cookie law implantation. These centred on “Implied Consent”. Put simply, once explicit notice has been served to users they can click yes, no or show more information. With explicit consent a publisher must show and gain consent for each individual cookie? The new cookie law has many interpretations throughout Europe. The UK Cookie law is one of the less stringent approaches. But current measures and guidelines are all but a fait accompli… Watch this space!