For many years websites have used cookies to track users’ browsing. Businesses have used them on their websites to store and retrieve that data.
Regulatory Control of Cookies
What Do The Regulations Outlaw?
The Regulations mean that website owners will be breaking the law if they use cookie files without the users’ explicit consent. This applies to all businesses regardless of size. Businesses will now be required by law to ask permission to store and retrieve information on users’ computers or other browsing devices.
How Will the Regulations be Enforced?
The UK Information Commissioner’s Office (ICO) has discretionary powers, subject to the legislation, to enforce the regulations and impose penalties for non-compliance. Penalties range from the power to conduct an audit to civil monetary penalties of up to £500,000 for serious breaches.
You may be concerned that you are only now hearing that you are in contravention of a new law, but fear not: the ICO confirmed on 25 May 2011 that it will give organisations and businesses a further 12 months to ‘get their house in order’ before enforcement begins. It appears, however, that this concession to businesses is not entirely charitable, as the ICO has made it clear that those who choose to do nothing will have their lack of action taken into account when enforcement begins. The moral of the story is that if you haven’t started to put plans in place to make the necessary changes, you should do so soon. Given the 12-month grace period, it is likely that once formal enforcement begins the history of each organisation will be under close scrutiny.
As with many new regulations, there is likely to be a period when the powers that be will want to be seen to be flexing their muscles; however, the government is urging a phased approach. It is therefore unknown how enforcement will be approached in the months following May 2012.
Compliance Guidelines Available
Businesses may benefit from the vague and uncertain definition of ‘prior consent’. If it cannot be defined clearly by those who enforce it, then how can businesses be expected to comply? To avoid any doubt, however, there are steps that can be taken with reference to guidance from the ICO. If such guidance is followed, it is hard to see how the same body could then seek to enforce against an organisation or business that had undertaken all action promptly in line with that guidance.
There is nothing to suggest that the regulations will disappear in 12 months’ time, so do nothing at your peril. A far better approach would be to do something sooner rather than later.
If you would like more information on this topic or an initial discussion with no obligation please call Paul Haycock on 0114 274 4275.