On 26 May 2012 the Information Commissioner’s Office (ICO) will start to gather evidence that companies are taking steps to comply with the new Privacy and Electronic Communications Regulations that came into force on 26 May 2011. There is a lot of discussion about the so called EU Cookie Law and what steps website owners must take to be compliant. We have summarised the key information that website owners need to ensure that they stay on the right side of the ICO.
What are cookies?
Cookies are simply small text files placed on your computer or mobile device during your visit to a website or web page. Cookies help website owners remember your username, preferences, analyse website performance and ultimately to provide relevant content. For more information see this article from Wikipediahttp://en.wikipedia.org/wiki/HTTP_cookie.
What are the new regulations for?
The regulations are intended to protect individuals from intrusive access to their personal information and covert surveillance of their online activity. The vast majority of legitimate website owners take their customers’ privacy seriously and these new regulations might seem unnecessarily onerous. However, there will always be a less courteous minority that carelessly or maliciously misuses personal information about visitors and the regulations are in place to protect the public from these rogues.
What do website owners need to do in order to comply with the regulations?
The ICO provides detailed information on the regulations and advice on how to comply with them in this article:
Privacy and electronic communications: Cookies.
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
There are some exemptions and differing opinion on what constitutes consent, these issues are discussed in numerous publications, including these available from E-consultancy and Out-Law.com:
Opt-in or consent?
This is a very important question. If you can demonstrate on your website that information about all cookie use is easy to access and easy to understand for your customers, then even if you don’t take any action to get explicit consent through a check box you may be able to demonstrate that you are compliant with the law because you have implied consent. Colin O’Malley in this article explains the difference between “opt in” and “consent” in more detail: The difference between consent and opt-in
When should I start?
You should have started already. The ICO will start to gather evidence that companies are taking steps to comply with the new regulations next Saturday (May 26th). All website owners must provide clear information to their users about the type of cookies used and current policies in place to obtain consent. Here you can find some examples of organisations taking steps to comply with the regulations:
ICO privacy notice: http://www.ico.gov.uk/Global/privacy_statement.aspx
What is absolutely essential for the 26th May?