Businesses and website owners could be facing fines of up to £500,000 if they do not comply with the new Cookie Laws [1]. A new KPMG study found about 95% of UK companies have yet to comply with new data protection rules due to come into force on 26th May 2012.
The legislation – postponed from last year – limits the use of tracking cookies on business sites and requires businesses to get the visitor’s permission or alert the visitor to the cookies’ existence. Fines for non-compliance could be up to £500,000.
Cookies are small text files which are used by websites to analyse their visitors’ Internet behaviour. The files are stored on a user’s hard disk to enable targeted advertising and personalised web pages and are also used by e-commerce sites to manage users’ shopping carts.
The directive becomes enforceable UK law from 26 May 2012. From then on, websites need to obtain users’ opt-in consent first if they install cookies that pass on information about browsing activities to third parties. Non-compliant websites may be subject to a fine.
Last year, the Information Commissioner’s Office (ICO) gave UK companies a year to get into line with the EU regulations, which require them to obtain consent before placing a cookie on a user’s machine.
The UK Regulations mean that a website operator must not store information or gain access to information stored in the computer (or other web-enabled device) of a user unless the user “is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information” and “has given his or her consent”. The consent requirement in the UK Regulations replaces the previous position which provided that visitors should be given the ability to refuse cookies.
The only cookies that do not need users’ consent are those that are strictly necessary to fulfill the user’s request for services. That will cover, for example, the use of cookies to remember the contents of a user’s shopping cart as the user moves through several pages on a website. Other cookies, including those used to count visitors to a website and those used to serve advertising, will require consent.
Please get in touch with Dinesh on 01788 844014 to discuss how you should be complying with this legislation or send us an email enquiry form.
1. The law comprises the Privacy and Electronic Communications Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (“UK Regulations”).