From 26th May 2012, a new law states that all websites in the UK should ask all site visitors for permission in advance of storing “Cookies” on their PC. Failure to comply could result in a fine of up to a maximum of £500,000 for serious breaches.
The ICO (Information Commissioner’s Office), who are responsible for enforcing the law in the UK, have said they will take a dim view of organisations that fail to act before the deadline. “Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.” – Information Commissioner, Christopher Graham
In May 2011 a new amendment to the Privacy and Electronic Communications Regulations came into effect in the UK, requiring that all websites ask visitors for consent to use web cookies in advance of storing them on a user’s equipment such as their computer or mobile device. The new law is intended to help protect people’s privacy. It has become commonly referred to as the “EU Cookie Law” but, in fact, it covers not only cookies but all technologies which store information in what is formally known as the “terminal equipment” of a user.
Introduction in the UK was deferred for 12 months to give businesses time to implement a solution but now the deadline of 26th May 2012 is fast approaching. Indications are that the UK is currently the only EU country to have translated the EU directive into law so far.
Websites could stop using cookies by disabling them all within the browser, but generally this means losing some functionality of the site, which is not going to make the user experience so friendly. Constant interruptions asking for permission on every page you visit will almost certainly lead to more visitors leaving the site rather than continuing to browse.
The solution that the UK ICO implemented on their website to conform with the new EU requirement apparently resulted in an approximately 90% drop in data gathered when they implemented it. This does not mean that they lost all that traffic, just that they could no longer monitor it, so they cannot tell how much they actually lost as a result.
A recent survey of 55 major organisations by KPMG indicates that UK businesses generally appear to be rejecting or ignoring the new regulations. Data obtained one month before the regulations become law show that 95% of the businesses surveyed claim they have not yet complied with the new EU cookie law, despite offenders potentially facing fines of up to £500,000.
International law firm Pinsent Masons recently published a blog article on their Out-Law.com website (10 April 2012) reporting that the ICO had stated that they are unlikely to take action against the users of data analytics cookies on websites even if they fall foul of new EU rules on cookie consent. The ICO have also apparently said they will only enact financial penalties in cases that affect a large number of people, which possibly suggests they will make examples of some of the more serious cases where it would be cost effective to pursue through the courts.
Although there seem to be many articles being published on this subject, many give slightly different information or interpretations of the EU directive, which will only lead to confusion and misunderstanding. The International Chamber of Commerce have produced the ICC UK Cookie Guide to promote wide adoption of standard language in the hope that it will reduce the learning journey of users across websites.
So far, most businesses seem to be waiting for someone to come up with a simple solution to fix the problem or have just chosen to ignore it. There are some initial solutions available, but at a price. Many have been hoping that the web browsers will resolve the issue but so far, they have apparently been very quiet on the subject. The UK Government has been talking with the browser manufacturers to see if browsers can be enhanced to give users easier access to settings and to make those settings as informative and easy to use as possible. However, the Government has not yet released any details of how these discussions are progressing, so it looks like we will have to wait and see if, and when, browser manufacturers are able to release updated versions of their products.
As you can see, this is quite a detailed issue and I apologise for the rather long article. I have included some useful references on the subject if you want to learn more. You should at least be aware of the issue and understand the implications even if you choose not to do anything about it.
- http://www.aboutcookies.org/ (Pinsent Masons)
- http://silktide.com/cookielaw (very comprehensive overview – 62 page e-book)
This article is not a statement of the law and does not constitute legal advice. Website owners / operators are responsible for their own compliance strategies, depending on the cookies they use and the nature of the website. The author does not endorse any particular method for gaining website users’ consent.
Were you aware of this new legislation?
What do you intend to do to comply?