Last year the EU’s amended Privacy and Electronic Communications Directive came into effect in UK law in the form of the Privacy and Electronic Communications (EC Directive) Amendment Regulations 2011. This was intended to protect the privacy of internet users by implementing rules on how electronic communications networks store information or gain access to information stored on the hardware of subscribers/users in the form of “cookies”. The Information Commissioner’s Office (ICO) gave businesses one year to find workable technical solutions and make the changes. This period ended on 25th May 2012.
The key rules:
- You must inform users/subscribers to your website that you are using cookies and explain clearly and comprehensively what their purpose is; and
- You must obtain the user’s/subscriber’s informed consent to store such cookies on their device – either before the cookie is set or as soon as possible after they have accessed the website.
There are limited exemptions available to these rules. Examples include cookies connected with goods in the checkout basket for online purchasing, or with secure online banking.
Non-compliance may result in enforcement notices and/or fines up to a maximum of £500,000.
What should you do?
- Cookie audit: find out which cookies or similar technologies are used on your website, and how they are used. Also consider how intrusive they are.
- Decide how best to obtain consent for using cookies on your website, and how the consent mechanism will best fit in with the site. Consent is only required once, unless the cookies change.
- Speak to your web designer about implementing the change and how they can include it – what about pop-ups, message bars, etc?
For further information on compliance and implementation see the ICO website: www.ico.gov.uk
If you have any questions regarding the above or require any assistance, please do not hesitate to contact Debbie Turner, Katya Cleere or Tim Nathan +44 (0)1372-461411.