I thought I would clear up to some misconceptions regarding the use of third party cookies on a site and in paticular statistic tracking cookies such as Google Analytics Urchin cookie. There are two misunderstandings regarding the use of cookies, 1 that its illegal to store a third party cookie on a persons computer, 2 it breaches accessibility guidelines neither of these are true. You do however need to declare the use of third party cookies both in your privacy document and in your P3P document and compact headers.
Google Analytics holds your data on machines in the United States and as such you need to reference that it is held under US law which may differ from local laws of the host site.
If you need further proof that its perfectly legal to use Google Analytics in the UK and elsewhere have a look at www.ico.gov.uk which is the site for the Information Commissioner’s Office the people who regulate and enforce privacy in the UK and who tracks stats using, guess what Google Analytics!
So now we have covered its legality how do we define the use of Google Analytics in our sites?
Privacy policy for Google Analytics
Once again we can turn to the ICO to provide us with a good template for defining Google Analytics cookies
The Information Commissioner’s Office website uses Google Analytics to help analyse how users use the site. This analytical tool uses ‘cookies’, which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors use of the website and to compile statistical reports on website activity for the ICO.
The ICO will not (and will not allow any third party) to use the statistical analytics tool to track or to collect any personally identifiable information of visitors to our site. We will not associate any data gathered from this site with any personally identifying information from any source as part of our use of the Google statistical analytics tool. Google will not associate your IP address with any other data held by Google. Neither the ICO nor Google will link, or seek to link, an IP address with the identity of a computer user.
I think it’s not a hard act to recreate something similar for your own sites when you come to define cookie usage, I do not however recommend the ICO own privacy document as a basis for your own though you may be interested in this template I created at Webdigity.
When writing our P3P documents
We can declare the use of the Urchin Cookie like so
<STATEMENT>
−
<EXTENSION optional="yes">
<GROUP-INFO name="Google Analytics Urchin Cookie"/>
</EXTENSION>
<!-- Consequence -->
−
<CONSEQUENCE>
</CONSEQUENCE>
<!--
Data in this statement is marked as being non-identifiable
-->
<NON-IDENTIFIABLE/>
<!-- Use (purpose) -->
<PURPOSE>
<pseudo-analysis/>
<pseudo-decision/>
<individual-analysis/>
<individual-decision/>
</PURPOSE>
<!-- Recipients -->
<RECIPIENT>
<ours/>
</RECIPIENT>
<!-- Retention -->
<RETENTION>
<legal-requirement/>
</RETENTION>
<!-- Base dataschema elements. -->
<DATA-GROUP>
<DATA ref="#dynamic.http"/>
<DATA ref="#dynamic.cookies">
<CATEGORIES>
<demographic/>
<interactive/>
<location/>
<navigation/>
<preference/>
</CATEGORIES>
</DATA>
<DATA ref="#dynamic.clientevents"/>
<DATA ref="#dynamic.miscdata">
<CATEGORIES>
<computer/>
</CATEGORIES>
</DATA>
<DATA ref="#dynamic.miscdata">
<CATEGORIES>
<location/>
</CATEGORIES>
</DATA>
</DATA-GROUP>
</STATEMENT>
Not sure what P3P is check out the http://www.p3ptoolbox.org/ guide
You will need to adapt your compact headers accordingly If using the above that results in CP=”NON DSP COR NID PSAa PSDa IVAa IVDa OUR LEG COM NAV INT DEM PRE LOC” which can be placed in htaccess or in a metatag on each page.
All our Posts are audio subscribed for more information see here, and to access the podcast feed here
This blog is moving soon, make sure you move with us by using our Feedburner RSS feed, if you have used the autodiscovery button in your browser you may need to swap feeds, simply delete the old feed and add, http://feeds.feedburner.com/VentureSkills For a more detailed explanation on feeds and recieving our content in various formats click here
Subscribe to our Feedburner RSS Today!
Subscribe to our Odiogo Audio Feed
