16th March 2013
Last May, EU legislation came into place meaning that any website using cookies to store information about its visitors, had to both make it clear on their website’s privacy statement and ask for the user’s consent before they were allowed to use the website. If they didn’t, further action would be taken, and legal proceedings and monetary fines were mentioned.
This news was major enough to be covered by TV and the papers, and a lot of us remember the panic followed into what exactly cookies are used for on websites (a lot) and the excessive work that followed websites basically covering their hides so no one got sued.
Luckily just before this legislation came into force, a small change was made by the UK Information Commissioner. Indicating that websites can assume that the user has given “implied consent”. As quoted in the Guardian’s article:
This made life a bit easier for the average business website, but there was a new twist in January when the ICO published on their website that they were changing how cookies were run on their own website:
The aim is to help us collect reliable information to make our website better, while remaining compliant with the rules on cookies and our own guidance.”
There were a couple of articles that followed this development, both courtesy from Silktide MD, Oliver Emberton. Oliver, known for his Cookie Law Protest Site blogged about his take on the development and went on to talk to .Net magazine that this meant the cookie law is at long last dead.
If you haven’t already, it is worth watching the video at ICO or if you have the time and patience, download the 31 page Cookies Guidance PDF (available on the same page as the video). It does contain some interesting points, but can be a bit long-winded.
Another proof that the cookie law is still in force is the quarterly review also on ICO website. This is an ongoing report summarising both reports and concerns over websites failing to comply and what they are doing about it. From this guide it is clear that the ICO is working with the companies that they have concerns over . Their summary quotes:
“We are considering 14 websites for further investigation. In these cases we will contact them to discuss their compliance, and require them to take steps as necessary. We have passed details of five websites to our International team, who have told the relevant European authorities about the concerns we received.
We will continue to contact every site we receive a concern about to ensure they know what steps they need to take.”
So there is no need to panic. If it gets to the stage that further action is taken on a website, it’s because of the failure to comply with the ICO or sheer ignorance on the company’s part.
On a separate note, I did check out two international companies not mentioned in the list on ICO’s quarterly report: One does clearly indicate on the first page what cookies are used for and gives the user the option to opt out and the other does not mention it at all. Will the ICO catch up with them? I will certainly be keeping posted.
© 2000-2019 DVH Design. All rights reserved.