ICO Gives Website Owners One Year to Comply with Cookies Law
Organisations and businesses that run websites aimed at UK consumers are being given up to 12 months to ‘get their house in order’ before enforcement of the new EU cookies law begins, Information Commissioner, Christopher Graham said today.
The UK government has revised the Privacy and Electronic Communications Regulations, which come into force in the UK on the 26th May, to address new EU requirements. The Regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store cookies on users’ computers.
As the independent arbiter of information rights, the Information Commissioner has been charged with regulating the new rules for websites aimed at UK consumers.
The ICO has today published guidance on its approach to enforcing the new rules – as well as guidance on other new powers coming into force as part of the revised Regulations.
- Guidance on how the ICO will enforce the new rules on cookies
- Information for consumers on what the new rules will mean for them and how to complain to us
- Information on what the ICO itself is doing to comply with the new rules in respect of its own website;
Speaking today at the Incorporated Society of British Advertisers’ briefing on cookies, privacy and consumers, Information Commissioner, Christopher Graham, said:
“I have said all along that the new EU rules on cookies are challenging. It would obviously ruin some users’ browsing experience if they needed to negotiate endless pop ups – and I am not saying that businesses have to go down that road. Equally, I have to remember that this law has been brought in to give consumers more choice about what companies know about them. That’s why I’m taking a common sense approach that takes both views into account.”
“Browser settings giving individuals more control over cookies will be an important contributor to a solution. But the necessary changes to the technology aren’t there yet. In the meantime, although there isn’t a formal transitional period in the Regulations, the government has said they don’t expect the ICO to enforce this new rule straight away. So we’re giving businesses and organisations up to one year to get their house in order. This does not let everyone off the hook. Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.”
“As the regulator, I’m conscious that my own website will be looked at for a model of how to comply. We’ve decided to place a header bar on our website giving users information about the cookies we use and choices about how to manage them. I am not saying that other websites should necessarily do the same. Every website is different and prescriptive and universal ‘to do’ lists would only hinder rather than help businesses to find a solution that works best for them and their customers. The initial advice that we issued earlier this month will continue to be supplemented with real-life examples as they come in.”
Commenting on the ICO’s approach, Stephen Robertson, Director General of the British Retail Consortium (BRC), said:
“Retailers recognise the challenge of legislating in the changing online environment – which is why the BRC has worked closely with the ICO to help ensure a balanced approach to regulation that helps UK business maintain its position as world leader in e-commerce while also providing clarity on important consumer rights.”
“The retail sector supports the advice produced, especially the suggested approach that allows a ‘lead in’ period for businesses. We’ll continue to maintain close engagement with the ICO to support policy development that is clear, consistent and supportive of businesses and consumers shopping online.”
On the other new powers granted to the ICO as part of the Regulations, Christopher Graham, added:
“Let’s not forget that the revised Regulations grant the ICO other significant new powers. Along with the power to impose financial penalties on telecoms and internet companies who fail to notify us about their data breaches, we will also have stronger powers to investigate the businesses behind nuisance marketing calls and spam texts. Tackling the businesses that make money from this is a challenge, but these new powers will give us access to more of the information we need to do the job.”