Ahead of changes to the e-Privacy Directive taking effect in 2016, research by Cookie Reports has found that only one company in the FTSE 100 admitted to recently auditing cookies on its websites, despite the new EU Regulation about to come into force.
Fines for the breach can be up to two per cent of global revenue.
The audit followed an initial cookie sweep of 478 sites in eight EU countries, which highlighted that 70 per cent of the 16,555 cookies identified were placed by third parties.
Some businesses use cookies that will outlast the usefulness of user devices. The ICO came across three cookies set by websites that would not expire until 31 December 9999. One of these websites was based in the UK.
Read more about cookies:
- EU cookie rules: 45 actions to consider
- European Commission geo-location cookie monster: Friend or foe?
- Don’t let the end of cookie amnesty catch you
These results came out after Cookie Reports audited every FTSE 100 company’s websites.
“From a privacy perspective, this is particularly concerning as organisations may be unwittingly sharing their consumer’s data with unknown third parties,” explained Stephen Hickey, CEO of Cookie Reports. “It would appear that companies are unaware of what data is being exposed and how long for.”
Hickey continued: “At a time when winning public trust is a major focus for many FTSE 100 companies, we believe companies are not regulating how suppliers are using their data and what is required to achieve compliance. With more and more cookies being set by third parties on company websites, our research has revealed that many firms may not be aware of where their data is going and how it’s used.”
The research also examined the level of compliance by sector, revealing insurance, hospitality, pharmaceutical and retail as the worst performing sectors.
Independent industry analyst Stephen O’Donnell said: “The fact that the consumer facing sectors are the worst performing demonstrates an immediate need for education on cookie law, followed by strong compliance action. Brand damage caused by data breaches is extremely difficult to repair. Large corporate data compliance fines tend to hit the front pages.”
Image: Shutterstock
Share this story
