Cookie consent laws come into force this weekend
Websites will be required by law to ask users what data they are content to have stored about them online from this weekend.
The new EU legislation requires websites ask users for their 'informed consent', and will divide the type of consent into different categories.
A new code of conduct, introduced by the London office of the International Chamber of Commerce, aims to help businesses comply with new EU legislation which comes into force on Sunday. Breaches of the code could cost companies £500,000.
Although the majority of websites in the UK and across Europe will not conform to the new rules, British authorities have said that they will help rather than prosecute companies that are seeking to obey the rules.
The legislation will introduce four new categories for cookies, which the ICC suggests will be identified with four icons.
The Information Commissioner (ICO) had given British websites a year's grace period to comply with the new legislation, which expires this weekend.
The ICO has recently clarified that websites can rely on "implied consent" for some aspects, so long as sites are satisfied that users understand the overall terms to which they have agreed.
The ICO's Dave Evans wrote in a blog post that sites "should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand.In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate".
The regulations distinguish between cookies that are ‘Strictly necessary’ for a website to function; those necessary for a site to monitor its ‘performance’; cookies that add ‘functionality’ such as remembering a password; and ‘Targeting Cookies’, which collect several pieces of information about users’ browsing habits.
On the launch of the new Guide at a Government event in Whitehall, Stephen Pattison, CEO of ICC UK, said: “Educating consumers about cookies and their uses has to be the first step in complying with the new EU rules”.
The new guide includes suggestions for how websites describe what they are asking for in the simple language the EU demands. It acknowledges, however, that some cookies will fall into multiple categories.
Mr Pattison said that the process may become simpler as consumers become more aware of how their information is being used.
The Information Commissioner’s office welcomed the launch of the guide. David Evans, Group Manager for Business and Industry at the ICO, “We have always been clear that organizations need to provide visitors to their website with enough information to enable individuals to make an informed choice on whether they wish for cookies to be placed on their device.”
An ICC official said the aim of the new guide was to provide compliance with EU regulations without disrupting current practices. The ICO has already said that it will not be actively investigating sites unless complaints are made, in part because a number of sites, run by both business and government, are expected to miss the deadline.
Although major sites and ISPs support the measures, Robert Bond, of law firm Speechly Bircham, said “Whilst the ICO has made it clear that he, Christopher Graham, is not going to have his team expending effort to investigate all websites, he will take interest in websites that are non-compliant particularly where on investigation the website owner has done nothing to get compliant with the law.
The ICO is unlikely to impose the full monetary penalty of £500,000 for the most serious breaches, but there is no doubt that many websites, where user trust is essential, will need to take steps to engender that trust by being transparent about the use of cookies and also educating consumers to the fact that the majority of cookies are good and not anywhere near as bad as the law appears to make out."
No comments:
Post a Comment