
Must try harder on cookies compliance says ICO

By The Information Commissioner’s Office


13 December 2011

Website owners ‘must try harder’ on complying with the new cookies law, the Information Commissioner’s Office (ICO) said today, as it published its half term report on enforcing the new rules.

The ICO has also today published updated guidance for UK website owners, setting out specific examples of what compliance looks like.

Information Commissioner, Christopher Graham, said:

“The guidance we’ve issued today builds on the advice we’ve already set out, and now includes specific practical examples of what compliance might look like. We’re half way through the lead-in to formal enforcement of the rules. But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”

The UK government has revised the Privacy and Electronic Communications Regulations, which came into force in the UK on 26 May, to address new EU requirements. The Regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store cookies on users’ computers.

One common technique of storing information is widely known as a cookie. This is a small file that a website puts on a user’s computer so that it can remember something, for example the user’s preferences, at a later time. The majority of businesses and organisations in the UK currently use cookies for a wide variety of reasons – from analysing consumer browsing habits to remembering a user’s payment details when buying products online.

As the independent arbiter of information rights, the Information Commissioner has been charged with regulating the new rules for websites aimed at UK consumers.

Mr Graham continued:

“Our mid-term report can be summed up by the schoolteacher’s favourite clichés “could do better” and “must try harder.” Many people running websites will still be thinking that implementing the law is an impossible task. But they now need to get to work. Over the last few months we’ve been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is – if they can do it, why can’t you?

“Some people seem to want us to issue prescriptive check lists detailing exactly what they need to do to comply. But this would only get in the way and would be too restrictive for many businesses and organisations. Those actually running websites are far better placed to know what will work for them and their customers.”

Key points set out in the amended cookies advice include:

  • More detail on what is meant by consent. The advice says ‘consent must involve some form of communication where an individual knowingly indicates their acceptance.’
  • The guidance explains that cookies used for online shopping baskets and ones that help keep user data safe are likely to be exempt from complying with the rules.
  • However, cookies used for most other purposes including analytical, first and third party advertising, and ones that recognise when a user has returned to a website, will need to comply with the new rules.
  • Achieving compliance in relation to third party cookies is one of the most challenging areas. The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers.
  • The ICO will focus its regulatory efforts on the most intrusive cookies or where there is a clear privacy impact on individuals.

A mid-term report can be viewed on the ICO website here:

http://www.ico.gov.uk/news/blog/2011/half-term-report-on-cookies-compliance.aspx

The guidance can be viewed on the ICO website here:

http://www.ico.gov.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx

If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at: www.ico.gov.uk.

Notes 

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
  3. The ICO is on Twitter, Facebook and LinkedIn.
  4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

About the Author

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

The ICO enforces and oversees the following legislation:

  •  Data Protection Act 1998
  •  Freedom of Information Act 2000
  •  Privacy and Electronic Communications Regulations 2003
  •  Environmental Information Regulations 2004



Article Published/Sorted/Amended on Scopulus 2011-12-19 08:15:16 in Computer Articles
