On May 26 last year, the UK law relating to cookies changed in response to a European Directive and businesses with their own interactive websites will need to ensure that their cookie policy is fully up to date by May 26, 2012. This is when the current grace period giving businesses time to comply with new legislation comes to an end.

“The legislation aims to ensure that consent is sought by web sites using cookies in certain specific circumstances,” says Martin Noble, associate and online legal expert at Shakespeares. 

“The old regime gave users the right to refuse cookies at any point, but the new one requires that users give ‘specific and informed’ consent to the cookies being present in the first place.

“The type of consent required depends on the nature of the cookie being used – the more intrusive it is, the more attention that needs to be drawn to its use. No consent is needed where cookies are considered ‘strictly necessary’ for the provision of a service requested by the user. 

“For example, a cookie that enables the contents of a virtual shopping basket to be remembered at an online store. However, the use of behavioural advertising cookies (that track a user’s browsing habits) would need specific consent.”

Website operators will not be allowed to rely upon users simply changing their web browser settings on May 26 to accept or reject certain types of cookies. 

This is an area is being looked at separately as the current web browsers have not been deemed fit for the new purpose. Sites with details of their cookie policy within their privacy policy may also not be compliant with the new legislation. 

The legislation is unclear about who is responsible for third party cookies, adds Noble: 

“Targeting or advertising cookies are often not controlled by the website operator and are set by a third-party advertiser. It is not yet clear how the legislation will impact on this type of cookie and in the meantime, operators should work closely with any third parties to ensure that the use of cookies is compliant.

“The ICO has the power to fine up to £500,000 in the most serious cases and will take into account the adequacy of what has been done prior to 26 May 2012 in any investigation. Therefore, if not done already, website operators need to audit their sites to assess how intrusive their cookies are and decide on the best solution for providing the user with information about their use and obtaining consent as appropriate.”

Picture source

Share this story