SOCITM (Society of Information Technology Management)
Printable version E-mail this to a friend

Socitm ‘cookies’ audit identifies scale of task for local public sector websites to comply with new legislation

An audit for Socitm of 603 public sector websites, including the main sites of all local authorities and 170 other public service organisations, including fire, police, housing and PTEs has shown that all but six of them have cookies that will require them to take action to comply with the new legislation that came into force on 26 May.

On average each site has 32 cookies with the largest number found on a single site being 1346. Very few sites have no cookies at all. Many sites have cookies set by third party system suppliers and websites such as Twitter and Google made available through the website.

Headline results for all 603 websites tested will be sent out their owners over the next two weeks.

The new cookies legislation, prompted by an EU directive, puts a new compliance burden on all website owners, including public and private sector owners and those responsible for sites that may be delivered by third parties.

The new law requires website owners to provide their visitors with an opportunity to give their consent to having cookies downloaded on to their computers or mobile devices. The Information Commissioner's Office (ICO), which is responsible for enforcing the new law in the , has allowed all organisations one year to make the necessary changes – although complaints about serious breaches will be investigated during this period.

Simply removing cookies from websites risks compromising usefulness and usability and is not a realistic option for organisations looking to shift more services online. The law makes it clear that website owners must be aware of all cookies on their site, whether set by them, or as is often the case, where they have been set by third parties.

Once cookies have been identified, and evaluated as being necessary for the efficient and effective operation of the website (if not they should be removed), a site owner needs to choose from a range of options for obtaining informed consent from website users. They should also consider if any of the cookies used on their sites fall into the exemption provided by the new regulation, ie if they can be considered strictly necessary for the purpose of a user’s visit to the website.

Thereafter measures need to be put in place for monitoring cookies used on the website. New cookies added to the site need to be flagged for site users and the site needs to be checked regularly for cookies ‘dropped’ by third parties.

In partnership with Cookie Reports Ltd, Socitm Insight has launched a simple and practical service that will enable public sector organisations to respond to this new requirement. The Cookie Management Service has been set up as a shared service with initial funding from Socitm, allowing to be offered to local authorities, police and fire services, housing providers and others at an affordable price. Those organisations signing up to the service get

•a full report detailing all cookies on their website and the pages on which they appear

•a plain English 'How to' guide describing options for informing the public about cookies in ways that ensure compliance with the legislation

•a monitoring service, integrated with an 'active cookies page' offering visitors information to support informed choice about their continued use of the site

‘It is difficult and time-consuming to identify cookies by manual means and therefore easy to underestimate the scale of the use of cookies websites’, says Martin Greenwood, Programme Director for Socitm Insight. ‘We have compared the number of cookies found by our audit with those declared by some of the organisations that have already taken action on cookies. It is difficult to check for cookies and in every case we have found significantly more cookies that the site owners are aware of.’

Notes for editors

A cookie is a small file of letters and numbers that allow a website to recognise a user’s pc, mobile or other device. When a user accesses website features that use cookies, they are downloaded on to their device. The information accessed by the cookie is used to improve the user experience by, for example:

• enabling services to recognise a device so that the user doesn’t have to give the same information several times during one task

• recognising that the user may already have given a username and password so that this is not necessary for every web page requested

• measuring how many people are using services, so they can be made easier to use and there is enough capacity to ensure appropriate speed of response

There are many different types of cookies (which are described in this guide), but existence of any one of any one of them on website requires action by that website’s owner.

The previous law required websites only to provide users with information about the use of cookies. Now, users of websites have to be provided with an opportunity to give their explicit consent to having cookies downloaded onto their computers or mobile devices.

Socitm Insight is the research and publishing arm of the public sector IT and digital professionals association Socitm. Socitm Insight’s website services include: Better connected, the annual survey of all local authority websites; the Website take-up service, that provides a customer usage and satisfaction survey to users of participating councils’ websites; and Getting the most from Google Analytics, a new service that enables councils to assess website performance and benchmark results with other councils.

Cookie Reports Ltd has licensed the use of the Sitemorse engine and has subsequently built and now operates an online service for website cookie auditing, monitoring and reporting. Socitm Insight has had a long-standing relationship with Sitemorse for the provision of information about the technical resilience of websites published each year since 2003 in Better connected. Cookie Reports Ltd also works together with FFW, one of the leading EU legal advisors in the area of privacy and is talking with the ICO about solutions to support both the legal requirements, and practicalities of cookie usage and reporting on websites.

Further information

Vicky Sargent, Socitm Press Office

Tel: 07726 601 139 e-mail:
vicky.sargent@socitm.net

Martin Greenwood, Programme Manager, Socitm Insight

Tel: 01926 498703 or 07967 383755 e-mail:
martin.greenwood@socitm.net





















Free, Secure, Compliant UK Public Sector IT Recycling Service