Cookie crunch: Is your website ready for the 26 May deadline?

By 26 May 2012, all UK organisations that operate a website will need to obtain consent from visitors to their websites in order to continue using cookies. The EU rules on the use of internet cookies changed following amendments made to the E-Privacy Directive. Those changes were implemented in the UK last year following amendments to the Privacy and Electronic Communications (EC Directive) Regulations 2003.

03/05/2012

Wesley O'Brien

Senior Associate

Cookies (put simply, small packets of data stored on a user’s computer when the user accesses and browses a website) are used by most websites for a range of purposes, including to analyse the behaviour of website visitors (to monitor traffic and to report popular pages), to recognise users who return to the website (to personalise pages), to track a user’s interests and deliver targeted advertising to that user, and to allow users to access secure areas of a website.

By 26 May 2012, website owners are required to have made appropriate technical changes to their websites to provide clear and comprehensive information to, and obtain consent from, visitors in order to use cookies. It’s important to ensure that the information provided is accurate as the consent needs to be “specific” and “informed”. In its guidance, the Information Commissioner’s Office (ICO) has said that the information should be full and provided in plain and accessible language to allow non-technical users to understand clearly the potential consequences of agreeing to allow the cookies to operate on their devices, and that consent must involve some form of communication where the individual knowingly indicates their acceptance. It’s unlikely that a website owner can infer consent on the basis of a user’s browser settings (where a user is able to indicate what cookies they will allow). The ICO won’t commit to endorsing any one particular solution and it’s very likely that a solution for one website won’t necessarily work for another. The mechanisms available for obtaining consent include pop-up boxes, header bars, and subscribing to a service.

Cookies which allow users to access secure areas of websites (so-called “strictly necessary” cookies) will be exempt from the requirement to obtain consent.

Steps to take

In line with the ICO guidance, we would recommend that organisations conduct an audit of their websites and in particular:

  1. check which cookies are being used and how
  2. assess how intrusive the use is and prioritise compliance efforts (starting with the most intrusive use)
  3. decide which solution for providing clear and comprehensive information and obtaining consent works best in the circumstances
  4. involve in the audit process the IT department, web host and designer, and any third parties who provide content or services for the website
  5. if in doubt about whether you will comply, seek legal advice.

Time is short. Organisations that have not yet done so will need to move quickly to ensure that they comply with the legislation before 26 May 2012. The ICO has the power to issue fines of up to £500,000 for organisations that fail to comply.

Further reading

The ICO guidance is available here

The Government Digital Service guidance for public sector bodies is available here (although it has not been endorsed by the ICO)
