Website owners face tougher cookie rules

Website owners will be breaking the law this Thursday if they are using cookies – the small files placed in a visitor’s browser to track their online viewing– without having obtained their users’ ‘explicit consent'.

From May 26th, all British organisations and businesses, regardless of size, will legally have to ask for permission to store and retrieve information on users’ computers or other browsing devices.

Until now, the rule on using cookies was that the owner of the website had to tell visitors how the site uses cookies and provide them with a way to ‘opt out’ of the usage if they objected.

Following an update to the European directive on which those rules were based, the new requirement is, basically and due to privacy concerns; that cookies can only be placed on devices “where the user or subscriber has given their consent.”

Official guidance from the Information Commissioner adds: “Gaining consent will, in many cases, be a challenge.

“However, it is important to remember that these rules give you the opportunity to check how well you explain how your web pages work to the people who visit them.

“Complying with the new rules will allow you to be confident that your users have a better and clearer understanding of what you do and how you do it.”

Problematically for website owners, and explaining the need for the ICO’s guidance, the directive does not define what constitutes getting a user’s ‘explicit consent,’ to use cookies and similar technologies.

The government, which is reportedly working on a browser-based solution, says there should be a “phased approach” to the implementation of the changes - reassuring given that fines for non-compliance could rang up to £500,000.

Due to issue separate guidance on enforcing the rule-changes, the ICO reflected in a message to website owners: “The key point is that you cannot ignore these rules.”

In a guidance section entitled, ‘So what do I need to do now?’ the commissioner added: “We advise you to now take the following steps:

“1. Check what type of cookies and similar technologies you use and how you use them. 2. Assess how intrusive your use of cookies is. 3. Decide what solution to obtain consent will be best in your circumstances.”

Reading between the lines of the ICO guidance, and according to media reports, the subtext is that as long as website owners are working towards compliance they should not be punished.





22nd May 2011

Related News

Latest News