Google Analytics and the new UK Cookie law
Archive - Originally posted on "The Horse's Mouth" - 2012-06-02 10:54:52 - Graham Ellis1. If you run Google Analytics on your web site, up to 4 cookies are stored in your browser.
2. UK law now states:
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
(Text from [here] on the Information Commissioner's Office (ICO) web site)
Adding these two together, it means that if you run a web site with Google Analytics in it, you'll need to tell your user, and you'll need to obtain his / her consent, even if you don't use cookies for anything else on your site, and even if you didn't realise that Google uses cookies!
Fortunately, the ICO's web site tells us "Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies". But it warns "If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent."
I've been looking into the Google Analytic Cookies in order to provide our users with the required clear and comprehensive information that's required.
If you use Google Analytics on your web site, there are four different cookies they may set in your browser, and at least one of those cookies will initially be set the first time that a new user visits a page into which you have inserted the Google Analytics code.
a) __utma - a cookie which is persistent. Set on a visitor's first logged visit to your site, it says to Google "it's me again" on each subsequent visit to a logged page
b) __utmb and __utmc - a pair of cookies with a short life which help Google work out how long your visitor remains on each page
c) __utmz - provides information to track where a visitor arrived from on their current visit (seach, bookmark, etc)
d) __utmv - will only be set if you have configured your Google Analytics to allow for custom segmentation of your visitors in some way.
I'm not sure how much detail we need to go into telling our users about each of these cookies. I am choosing to use the following text on our sites:
We use Google Analytics on this site, so that we can track site usage overall, and analyse the results to learn more about the general profile of our visitors (but not any one visitor in particular), for the purpose of learning about trends, the relative importance of pages, about where our visitors come from, how long they stay, what technlogy they're using, and so on. The purpose of learning about this data is to help us improve the service we offer, and to spot any changes in usage pattern and react accordingly. Google Analytics places cookies in your browser for this purpose.
And where practical to provide an example of some ot the reports generated:
Diagram from Google Analystics showing the number of visitors per hour through a week.
Diagram from Google Analystics showing general statistics for the last week
Map / Diagram from Google Analystics showing the locations of UK visitors to this site in the last week.
These sample diagrams are from our First Great Western Coffee Shop Forum, for the 7 day period ending on 1st June 2012.