Author: Alan Wetterhahn
The law which applies to cookies changed almost a year ago, on 26 May 2011. Website operators were given a one year grace period within which to implement the changes required by the new regulations. However, time is almost running out. This period is due to expire shortly, on 26 May 2012.
You may be asking what all the fuss is about. Yet, if your business has a website, it almost certainly contains cookies and all cookies fall under the remit of this law. Cookies are small text files which are stored on the device of a visitor to a site. Some are seen as harmless, collecting data for the purposes of counting the number of unique visitors to a site or performing other analysis; however, others can be used to build up a profile about specific users, recording their habits and preferences, often without their knowledge.
So, what must you do to comply? The ICO recommends that website operators carry out a "cookie audit" to identify what cookies their website contains. Once these have been identified, the website operator will need to take a risk-based approach to decide what is the best solution for their website. The ICO recommends a range of options that could be used to make a website compliant, including the use of prominent headers and footers containing links to a cookies policy, pop-up windows, the use of different font types and changes to the website’s login conditions.
It should be noted that consent needs to be obtained only once and consent is not required where the use of the cookie is essential to the service being provided to the user, such as through the use of an online shopping basket.
The consequences of a breach of the rules could be severe. The ICO can request undertakings, serve enforcement notices and impose monetary fines of up to £500,000 on businesses. The ICO has stated in its guidance that if operators can be seen to be addressing the issue, the ICO is unlikely to take any action.
For further information please contact Alan Wetterhahn, Associate,
Fladgate LLP (firstname.lastname@example.org)