Commercial EU Cookie Audits

We, PeteFinnigan.com Limited, have launched this website to offer commercial cookie audits for owners and operators of websites, initially in the UK and also in the EU as more countries come on-line and comply with the new laws requiring websites to tell users about the cookies they set and to educate users about what cookies are and what they are used for.

I started this “cookie law” process for our own websites some time ago and read as much as I could about the EU privacy directive and how to comply. The first step in this process is to do a cookie audit of your websites. This will tell you what cookies you try to save or read on users’ devices. When you have done an audit you will know the cookies and you can then assess their intrusiveness (from essential cookies, i.e. a shopping cart, through to very intrusive advertising tracking cookies used to try to sell you relevant products), thereby giving you some idea of what sort of consent is required. At a high level the new EU law says that website owners should let users know what cookies are, what they do, about privacy and then in detail about the cookies they themselves set.

You cannot do that until you have done an audit. In fact, after the audit and before you write a policy to define what cookies are and what cookies you set, you should try to remove cookies that you do not need. This is what we did first and we soon realised we can live without cookies in most parts of our sites provided we don’t use analytics or social network tools and the site doesn’t need a login.

When you have decided on the cookies you need to keep, you can create the policy and post it prominently on your website. Finally, if you still serve cookies, you can then decide on implicit consent or explicit consent and decide how you may implement that in your website.

Wow, that’s a lot of work; well, it was for us. In order to complete the first step in auditing multiple websites, we first realised that we didn’t want to rely on Firefox and didn’t want to have another company collect our details via a plugin, so I created some cookie audit tools. First I updated the web crawler from PFCLScan and added specific features to allow a site to be crawled looking for cookies. I then updated the operating system check tools in PFCLScan to allow a website’s source code to be browsed using tests added to PFCLScan or using the engine on the command line. In fact the web crawler engine can also be used on the command line or inside of PFCLScan. As none of our websites use databases, we didn’t progress testing website templates/content held in databases, but we can do that easily with PFCLScan using its native database audit facilities.

Finally, we also created a bespoke web browser that allows a user to browse websites whilst also recording all cookies (First, Third, Session, Persistent, Secure…) and also logging all URLs that can be visited. This tool can be useful for assessing cookies that are set via forms, as a user can access the site in a normal fashion but it also grabs cookies as the site is navigated.
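The kind of classification listed above (first or third party, session or persistent, Secure) can be sketched over recorded `Set-Cookie` headers. This is an added example, not code from PFCLScan or our tools; the function names, the sample observations and the `example.co.uk` site domain are constructed, and the auditor is assumed to supply the site's registrable domain.

```python
from urllib.parse import urlsplit

def classify_cookie(set_cookie, response_url, site_domain):
    """Classify one Set-Cookie header value seen while browsing the audited site."""
    fields = [f.strip() for f in set_cookie.split(";")]
    name = fields[0].partition("=")[0].strip()
    attrs = {}
    for field in fields[1:]:
        key, _, value = field.partition("=")
        attrs[key.strip().lower()] = value.strip()
    # Without a Domain attribute the cookie is scoped to the responding host.
    host = (urlsplit(response_url).hostname or "").lower()
    domain = attrs.get("domain", "").lstrip(".").lower() or host
    # Assumption: site_domain is the registrable domain of the site under audit.
    site = site_domain.lower()
    first_party = domain == site or domain.endswith("." + site)
    # Expires or Max-Age makes the cookie outlive the browser session.
    persistent = "max-age" in attrs or "expires" in attrs
    return {
        "name": name,
        "domain": domain,
        "party": "first" if first_party else "third",
        "lifetime": "persistent" if persistent else "session",
        "secure": "secure" in attrs,
    }

def audit(observations, site_domain):
    """De-duplicate (response URL, header) observations into one row per cookie."""
    seen = {}
    for response_url, header in observations:
        row = classify_cookie(header, response_url, site_domain)
        seen[(row["name"], row["domain"])] = row
    return [seen[key] for key in sorted(seen)]

# Constructed sample observations, as a crawler or recording browser might log them.
OBSERVED = [
    ("https://www.example.co.uk/", "PHPSESSID=abc123; Path=/; HttpOnly"),
    ("https://www.example.co.uk/basket",
     "basket=42; Domain=.example.co.uk; Max-Age=86400; Secure"),
    ("https://ads.tracker.example/pixel.gif",
     "uid=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("https://www.example.co.uk/", "PHPSESSID=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for row in audit(OBSERVED, "example.co.uk"):
        print(row)
```

The resulting rows are the inventory that the policy and the consent decision are then written against.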

All this work updating our scanner and also writing bespoke tools means that it would be great to use the knowledge we have gained around this law, our own experience with our sites, our tools and also the audits we have done for others; this has led us to doing commercial cookie audits for clients.

If you would like us to use our expertise and perform a cookie audit for your website to help you get compliant with this law, please contact us at pete@petefinnigan.com.
