We've been asked a lot recently (hardly surprising) on what guidance & solutions we can issue to clients regarding the EU Cookie Law directives.
For background reading, there's an interesting article/discussion on e-consultancy with a man at the ICO which puts the issues in content. There's also some feedback and views from various analysts, retailers and pundits about what their plans are on the same website. And here's e-consultancy's own thinking and action on EU compliance.
Rachel McCombie at SEOptimise has also produced a good summary of the various approaches.
An example we could all follow is John Lewis. (Most of Screen Pages' clients are happy to emulate John Lewis in most regards). John Lewis simply provide helpful information to customers in a transparent fashion. Adding this content to a website's T&C section and placing a link to it, say, on the basket page should be easy to implement by a retailer's web team (especially on Magento websites), without any programming at all.
Our guidance for those who do not have access to legal experts and operating off modest budgets:
1. There is lots of discussion about implementation of the EU Cookie Directive and no definitive answer at this stage about what efforts will comply.
2. It is clear that information must be better communicated as well as a commitment to research and act (make a plan).
3. It is reasonable - at this stage - to assume that "essential cookies" (eg. e-commerce-supportive) will be "an exception": the Government's Guidance document defines “the exception” as applying only to cookies which are “for the sole purpose of carrying out the transmission of a communication” or which are “strictly necessary” as distinguished from “reasonably necessary”. This may extend to analytics cookies as well, but that's less clear.
4. Read the material and make a commercial decision about the best approach for your business.
In the Magento world, there are three options:
1. Implement the content pages & links to this material (as in John Lewis, above) in the time-honoured fashion via the Magento Admin Panel & then wait to see what emerges...
2. If you want to gain consent, commission a bespoke cookie consent form (of a design/approach appropriate to your business). There don't appear to be any extensions (but see 4 below) and we have quoted clients half-a-day for a typical (basic) implementation.
3. Or upgrade to Magento Community 1.7 or Magento Enterprise 1.12 which includes a new cookie notification feature that simplifies the compliance process. Once enabled, a message at the top of the storefront informs site visitors about the cookie policy and prompts them to accept or decline (image thanks to Tom Robershaw)