SME CORNER: Crunch time for cookie-users

The so called ‘cookie law’ will be enforced from 25th May, after the Information Commissioner gave UK businesses 12 months to get their websites operating in line with the new rules

The snappily-named Privacy and Electronic Communications Directive became law in England last May, but to the relief of most businesses, the Information Commissioner’s Office allowed a 12 month period of grace to allow website owners time to comply.

That period of grace expires on 25th May 2012 and businesses are being warned that there will be fierce penalties for non-compliance now that the new rules are in force.

The so-called ‘cookie law’ requires every website owner to obtain consent before installing cookies on the computer of a visitor to their site. In addition, websites using cookies must set out a clear description of how cookies are used on the site and, if cookies are used to obtain personal information on a customer, the website must publish a privacy policy.

Said commercial / digital law expert Brendan O’Brien from Breeze & Wyles Solicitors LLP : “Any business that has not yet taken action to comply must do so urgently. The 12-month period of grace means that the penalties for businesses that do not comply will be all the harsher. The Information Commissioner warned last year that ‘those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.’”

So what is a cookie?

It is a file that enables a website to store data relating to users. For example, a cookie will enable the website of an on-line store to record what is in your basket, or to know what scene you have reached if you are watching a television drama on-line.

Cookies do not act as viruses because they cannot perform functions, they can only read. However they can act as a sort of spy in your computer because they can record your browsing patterns and personal information without your knowledge. For this reason anti-virus and security software will normally flag them for deletion.

Who needs to act?

The owner of any website that operates within the EU must now ensure compliance with the rules. This includes any website that has a secure area where users log in, or one that has a shopping basket facility or runs advertisements from third parties.
Even if your website does none of these things it might be using cookies if it has software such as Google Analytics that collects statistical information about the use of the website or the number of viewings of particular pages on the site.
Brendan added: “Many smaller businesses have assumed it won’t apply to them if they don’t trade online or have complex websites, but most of them will be running site analytics.

“The message to those who are not yet compliant is that it is not too late to act but you must act fast. At the very least small businesses need to put a ‘consent to cookies’ clause in their terms and conditions and have a click to accept box for these terms if they do not have one already. Then pages must be added to the website to contain a description of how cookies are used and, if personal data is collected, to set out a privacy policy.”

ENDS

Web site content note:

This is not legal advice; it is intended to provide information of general interest about current legal issues.

 

This entry was posted in Blog / News. Bookmark the permalink.