The Information Commissioner’s Office have announced they will not be fining websites that fail to meet new cookie rules
The new cookie law which is to be implemented from the 26th of May states that websites must provide information to site visitors where users will have to give their consent to the placing of cookies. This law technically came into force last May from the EU directive, but the ICO gave UK sites a year before taking enforcement action. (Information taken from www.pcpro.co.uk).
Cookies are a small text file that is stored on your computer or device when you visit a website. A common cookie is traffic log cookies which help identify which pages are being used. This helps to analyse data about webpage traffic and improve a website in order to tailor it to customer needs. The information is used for statistical analysis purposes and then the data is removed from the system.
As it sounds, this cookie and others are harmless so why should users keep having to be pestered with pop ups for them to agree for it to be placed; when actually it is collating data for the site to become more user friendly for the visitors.
Therefore sites will generally be investigated by the ICO after users report them via a yet-to-launch tool on the watchdog's site. Only the most intrusive cookies will lead to the ICO using its “enforcement powers”, deputy commissioner Dave Smith had said. This would include fines up to $500,000 or notices requiring companies to take action to fix data protection flaws.
Smith said fines were unlikely for cookies, as they wouldn't meet the requirements for being “substantially distressing” to individuals. “We do not rule that out but it's most unlikely that breaches of cookie requirements meet the requirement for monetary penalty,” he said. “In the area of cookies, it's quite hard to satisfy the test for a fine.”
Smith said people have asked if the ICO's own site should be looked to as a model for how to address the new rules. “We don't put it up as a wonderful inventive solution… but above all, it's legally compliant,” he said, adding there are “probably much better ways of getting consent”.
However, the ICO had few examples to point to for businesses to get ideas, saying it didn't want to hold up specific sites as models of compliance as every site will require a different approach and use different technologies – adding apps could also be covered by the regulations.
Smith said the ICO was about to send letters to 50 top websites, asking what they're doing to meet the rules. Earlier this week, the Cabinet Office admitted the majority of Government sites wouldn’t reach full compliance by next week. The ICO said that didn't give a free pass to other sites. “Don't take Government websites as an excuse,” Evans said.
For previous information about the enforcement of the EU Cookie Law, you can see Pete’s blog posted on May 8th.