Confusion reigns on “Cookie Day”
It’s “Cookie day” in the UK but website owners and legal experts are still desperately sifting through the new rules and advice from the Information Commissioner’s Office trying to get a clear picture of what it all means.
The changes to the Privacy and Electronic Communications (EC Directive) Regulations 2003 come into force today, 26th May 2011, and mean that cookies, clear GIFs or other automated tracking devices are only allowed where a user has been given “clear and comprehensive information” about their use and has given informed consent.
Government and the regulator are still looking for practical suggestions from commerce as to how this can be achieved without effectively shutting the internet down. Pop ups, agreeing to website terms and icons all have their place but, according to the ICO and the Department for Culture, Media and Sport, current browser settings are not sufficient to provide consent. Work with the browser manufacturers continues as the regulations do recognise this as a future option. It would also seem that applying the rules to mobile technology is even further off despite frantic conversations with Apple and app providers.
The ICO has come under fire for not being prescriptive enough in its guidance [http://www.ico.gov.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf]. Information Commissioner Christopher Graham acknowledges “This advice is very much a work in progress and doesn’t yet provide all of the answers” and the Office has said firmly that in the first twelve months brands will be judged by their efforts to comply rather than by the letter of the law.
On Tuesday (24th May) Ed Vaizey, the Minister in charge of these regulations, felt it necessary to issue an open letter to answer some of the concerns of industry. Whilst saying that the DCMS approach is “light touch” and “business friendly”, he recognises that this is a “challenging and difficult provision” for commerce. He repeats the ICO promise that enforcement action will not be taken until appropriate technical solutions are available and denies that the Government is “goldplating” the Directive.
This was followed yesterday by a statement from Graham, “I have to remember that this law has been brought in to give consumers more choice about what companies know about them. That’s why I’m taking a common sense approach that takes both views into account” he said. He also revealed the Office’s own approach to notifying cookies on its website, “We’ve decided to place a header bar on our website giving users information about the cookies we use and choices about how to manage them.”
To help our subscribers make sense of all this as the sun sets on “Cookie Day”, Opt-4 has provided a simple Cookie Regulations Primer which sets out the basics of the new rules and suggests the steps website owners should be taking now to move along what Graham calls the “road to compliance”. To access the primer click here.
You can also access an example of a Cookie Audit Questionnaire which will help you to assess how much of an issue this is for your websites.
Other recent items: