1 London Street,
+44 (0)118 951 6200
So what do the new rules say?
In essence, the new legislation prohibits the provider of a website from placing cookies on a user’s computer without first obtaining the user’s consent. Previously, it was sufficient that a website offered users the opportunity to refuse or object to the deployment of cookies. This is more commonly known as an “opt-out” scheme and does not require active consent. By contrast, users must now “opt-in” before a cookie can be placed on their machine.
The only exception to this rule is if the placement of the cookie is “strictly necessary” for a service requested by the user. Unfortunately, this exception is likely to be narrowly interpreted and will be limited to a small range of activities. The exception would not apply, for example, if the cookie is used to collect statistical information about the use of your website or because the placement of such cookies makes your website more attractive.
How to comply with the new rules
The Information Commissioner's Office (ICO) has issued some guidance on the new rules:
The ICO suggests that a useful idea would be to think of this in terms of a sliding scale, with intrusive cookies at one end and privacy neutral cookies at the other. Efforts to achieve compliance should be prioritised for the more intrusive cookies, such as those that involve creating detailed profiles of an individual's browsing activity.
The ICO guidance also specifically mentions the role of third parties. Firstly, where information collected about website use is passed to a third party then this needs to be made absolutely clear to users.
Timescales and enforcement
The ICO may enforce the new rules in a number of ways including imposing significant fines for serious breaches. However, in recognition of the potential inconvenience that will be caused to both users and website providers, the ICO has stated that enforcement action will not be taken until May 2012. However, organisations must still take adequate steps to ensure compliance by May 2012 and the ICO may issue a warning to any website provider that it feels is failing to do so.
It is vital that steps are taken as soon as possible to ensure compliance by May 2012. Should you require any further information regarding these new rules then please do not hesitate to contact Cathrine Ripley who would be glad to assist.