Web bosses 'must try harder' to comply with cookie law, says Information Commissioner
Website owners "must try harder" to comply with the new law on internet cookies, the Information Commisioner's Office said today.
The new regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their website in order to store cookies on their computers.
The ICO was put in charge of regulating the new rules last year but gave site owners a 12-month period of grace before they were enforced because most sites were not ready for the new law.
This grace period ends on 26 May and the ICO today published its half-term report about the progress sites have made so far. It does not make for happy reading.
Christopher Graham, the Information Commissioner, said: "Our mid-term report can be summed up by the schoolteacher’s favourite clichés 'could do better' and 'must try harder'. Many people running websites will still be thinking that implementing the law is an impossible task. But they now need to get to work. Over the last few months we’ve been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is – if they can do it, why can’t you?
“Some people seem to want us to issue prescriptive check lists detailing exactly what they need to do to comply. But this would only get in the way and would be too restrictive for many businesses and organisations. Those actually running websites are far better placed to know what will work for them and their customers.”
Key points set out in the amended cookies advice include:
* More detail on what is meant by consent. The advice says ‘consent must involve some form of communication where an individual knowingly indicates their acceptance.’
* The guidance explains that cookies used for online shopping baskets and ones that help keep user data safe are likely to be exempt from complying with the rules.
* However, cookies used for most other purposes including analytical, first and third party advertising, and ones that recognise when a user has returned to a website, will need to comply with the new rules.
* Achieving compliance in relation to third party cookies is one of the most challenging areas. The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers.
* The ICO will focus its regulatory efforts on the most intrusive cookies or where there is a clear privacy impact on individuals.