|
A cookie can last 7984 years 
Computer/Internet/Software Articles Submit Articles Back to Articles
-
UK websites place more cookies
but give more information than any other country surveyed
An international study led by
the UK’s Information Commissioner’s Office (ICO) into the use of
cookies has revealed that some websites are placing cookies on
computers and other devices that will long outlast the usefulness of
the device.
A cookie is a small
file of letters and numbers that is stored on a device when it is used
to visit a website. Cookies are used by many websites and can do a
number of things, eg remembering your preferences, recording what you
have put in your shopping basket, and counting the number of people
looking at a website. Some cookies, known
as third party cookies, can also be used to record information based on
how the user is interacting with other websites.
The study involved an
automated and manual examination of 478 websites by eight privacy
regulators from the European Article 29 Working Party and other
national regulators who have responsibility for enforcing the rules on
cookies. The key findings from the research are:
- The websites surveyed set a
total of 16,555 cookies.
- The average
website placed 34 cookies on a device during a person’s
first visit. UK websites placed an average of 44 cookies
on a first visit, the highest of any country surveyed.
- 70% were third
party cookies (set by websites
other than the one being visited). 30% of cookies set
were first party cookies (set by the site being
visited).
- 86% of cookies were
persistent cookies (remain on a
person’s device after use). 14% were session cookies
(removed after a person’s browsing session has ended).
- The average
cookie is set to expire after one to two years but some
cookies were being set for as long at 10, 100 or even nearly 8000
years.
- 31st December 9999. Cookies
set by three websites
would not expire until 9999. One of these websites was based in the UK.
The use of cookies in the UK
is governed by the Privacy and Electronic Communications Regulations
(PECR). The regulations require organisations to provide clear
information about how cookies are used on their website and allow
people to make a real choice about whether they are happy for
non-essential cookies to be placed on their device.
In the UK, 94% of the 81
websites surveyed provided information to explain to visitors how
cookies were being used on the site. This compares favourably when
compared to elsewhere across Europe where only 74% of the websites
surveyed provided any information about cookies.
The most common method of
informing visitors about the use of cookies was by using a banner at
the top of a webpage. This approach was used by 59% of the websites
surveyed where information was provided. Just over 39% used a link to
further information about cookies in the header or footer of a webpage.
ICO Group Manager for
Technology, Simon Rice, said:
“Any web developer will tell
you that cookies are a vital tool for making the web work. However, the
number of cookies out there may come as a surprise to many,
particularly in the UK where the average website sets more cookies than
for any of the other countries surveyed.
“There’s also clearly an issue
with the lifespan of some of these cookies. Developers must consider
the implications of using certain settings in their code. Setting a
long expiry on a cookie means that it will not only outlive the
usefulness of the device, but also the person using it at the time.
While the length of time a cookie needs to remain on a device will
depend on the reason why it was originally set, it is difficult to
justify an expiry date in the year 9999 for even the most innocent of
purposes.
“However, the encouraging
thing from a UK perspective is that organisations in our region are
performing better than our European counterparts when it comes to
informing people about the use of cookies on their website. We will be
writing out to those who are still failing to provide basic information
on their website before considering whether further action is required.”
The research was carried out
between 15 and 19 September 2014. The number of cookies on each website
was recorded and logged using a tool developed by the ICO. This was
followed by a manual review of each website by the relevant national
regulator to see what information was provided to consumers about the
cookies placed by the website.
You can watch
a video interview
with Simon Rice discussing the report’s key findings and what
organisations should
take away from this research on the ICO website.
A full
copy of the report, providing further
information about how the survey was conducted and its key findings, is
available on the Article 29 Working Party website.
The ICO has produced detailed
guidance to help
organisations in the UK make sure their websites comply with the PECR
by informing people how
cookies are being used. The Article 29 Working Party has also recently published
an opinion supporting the ICO’s view
that the use of online technologies that operate in a similar way to
cookies, including some forms of device fingerprinting, still require
an individual’s consent before being placed on their device.
If you are concerned about the
use of cookies on a particular website based in the UK then you can
report the details using the ICO’s
online reporting tool. Further information about the
work carried out by the
ICO to regulate the rules relating to cookies can be found on
the ICO
website.
ENDS
If you need more information,
please contact the ICO press office on 0303 123 9070 or visit the
website at: www.ico.org.uk.
Notes
- The Information Commissioner’s
Office upholds information rights in the public interest, promoting
openness by public bodies and data privacy for individuals.
- The ICO has specific
responsibilities set out in the Data Protection Act 1998, the Freedom
of Information Act 2000, Environmental Information Regulations 2004 and
Privacy and Electronic Communications Regulations 2003.
- Anyone who
processes personal information must comply with eight principles of the
Data Protection Act, which make sure that personal information is:
- Fairly and lawfully
processed
- Processed for
limited purposes
- Adequate, relevant
and not excessive
- Accurate and up to
date
- Not kept for longer
than is necessary
- Processed in line
with your rights
- Secure
- Not transferred to other
countries without adequate protection
About the Article 29 Working
Party
- The Article 29 Working Party
is made up of representatives of the 27 EU data protection authorities,
including the ICO, plus Norway, Iceland and the European Data
Protection Supervisor.
About the AuthorThe Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
legislation:
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications
Regulations
2003
- Environmental Information Regulations
2004
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2015-02-19 12:03:39 in Computer Articles All ICO Articles
|