Cookie crunch: Is your website ready for the 26 May deadline?

By 26 May 2012, all UK organisations that operate a website will need to obtain consent from visitors to its website in order to continue using cookies. The EU rules on the use of internet cookies changed following amendments made to the E-Privacy Directive. Those changes were implemented in the UK last year following amendments to the Privacy and Electronic Communications (EC Directive) Regulations 2003.

03/05/2012

Wesley O'Brien

Wesley O'Brien

Senior Associate

By 26 May 2012, all UK organisations that operate a website will need to obtain consent from visitors to its website in order to continue using cookies. The EU rules on the use of internet cookies changed following amendments made to the E-Privacy Directive. Those changes were implemented in the UK last year following amendments to the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Cookies (put simply, small packets of data stored on a user’s computer when the user accesses and browses a website) are used by most websites for a range of purposes, including to analyse the behaviour of website visitors (to monitor traffic and to report popular pages), to recognise users who return to the website (to personalise pages), to track a user’s interests and deliver targeted advertising to that user, and to allow users to access secure areas of a website.

By 26 May 2012, website owners are required to have made appropriate technical changes to their websites to provide clear and comprehensive information to, and obtain consent from, visitors in order to use cookies. It’s important to ensure that the information provided is accurate as the consent needs to be “specific” and “informed”. In its guidance, the Information Commissioner’s Office (ICO) has said that the information should be full and provided in plain and accessible language to allow non-technical users to understand clearly the potential consequences of agreeing to allow the cookies to operate on their devices, and that consent must involve some form of communication where the individual knowingly indicates their acceptance. It’s unlikely that a website owner can infer consent on the basis of a user’s browser settings (where a user is able to indicate what cookies they will allow). The ICO won’t commit to endorsing any one particular solution and it’s very likely that a solution for one website won’t necessarily work for another. The mechanisms available for obtaining consent include pop-up boxes, header bars, and subscribing to a service.

Cookies which allow users to access secure areas of websites (so-called “strictly necessary” cookies) will be exempt from the requirement to obtain consent.

Steps to take

In line with the ICO guidance, we would recommend that organisations conduct an audit of their websites and in particular:

  1. check which cookies are being used and how
  2. assess how intrusive the use is and prioritise compliance efforts (starting with the most intrusive use)
  3. decide which solution for providing clear and comprehensive information and obtaining consent works best in the circumstances
  4. involve in the audit process the IT department, web host and designer, and any third parties who provide content or services for the website
  5. if in doubt about whether you will comply, seek legal advice.

Time is short. Organisations that have not yet done so will need to move quickly to ensure that they comply with the legislation before 26 May 2012. The ICO has the power to issue fines of up to £500,000 for organisations that fail to comply.

Further reading

The ICO guidance is available here

The Government Digital Service guidance for public sector bodies is available here (although it has not been endorsed by the ICO)

Related Insights

Health and Social Care Update - June 2018

by Claire Bentley

Policy and law relevant to those involved in health and social care work.

Authority Update 8/6/18

by Claire Booth

Brief details of recent policy and legal developments relevant to those involved in local government work

Authority Update 25/5/18

by Claire Booth

Brief details of recent policy and legal devleopments relevant to those in the local government sector

CMA publishes Joint Venture Business Advice

by Trevor Watt

Joint Misadventure: specialist laundries fined £1.7m for market...

by Trevor Watt

Copyright Licensing Agency warns that a third of local authorities...

by Virginia Cooper

Copyright Licensing Agency warns that a third of local authorities could be at risk of compliance action

Bevan Brittan on Cloud Nine

by Richard Lane

Government Digital Marketplace Appointment

We are truly privileged to advise you!

by Louise Robling

Mr Justice Akenhead has held in the case of Walter Lilly and Company Limited v Mackay and DMW [2012] EWHC 649 (TCC) that advice...

Keep up to date With Bevan Brittan

What interests you?

About you?

You can view our privacy policy here