ICO gives businesses 12 months to comply with EU cookie laws

UK businesses have 12 months to comply with new European Union regulations surrounding the use of cookies on websites.

UK businesses have 12 months to comply with new European Union regulations surrounding the use of cookies on websites.

The UK government's revised electronic communications regulations require businesses running consumer websites to request permission from visitors before locally storing cookies on users' computers.

This follows the new European Commission e-privacy directive, which comes into force on 26 May 2011 and aims to give users greater control over how they are tracked online.

Christopher Graham, information commissioner at the Information Commissioner's Office (ICO), said in a statement it is giving UK businesses up to 12 months to address the new regulations and "get their house in order".

"Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules," he warned.

The ICO recommends businesses:

1. Check what type of cookies and similar technologies you use and how you use them.

2. Assess how intrusive your use of cookies is.

3. Decide what solution to obtain consent will be best in your circumstances.


Cookie use options

The ICO has introduced a header banner to its own website to remind visitors about how it uses cookies. Other suggested actions include updating user terms and conditions, providing cookie options as part of user settings or asking for cookie permission when users access a particular website feature.

The ICO said the most challenging aspect of the new regulations concerns the use of third-party cookies on websites.

George Thompson, information security director at KPMG, said few organisations are prepared for new regulations affecting data management.

"Hardly any companies have made a pre-emptive move to request permission to use cookies. [...] We are yet to see how the ICO will wield its new powers, but the inevitable audits will surely uncover some very painful truths about risk and compliance," he said.


Commercial value of cookies

The government is in talks with companies, such as Google and Mozilla, about its default browser settings, which allow users to block cookies.

Kim Walker, partner at law firm Thomas Eggar, said cookies have commercial value for businesses using information to analyse consumers' browsing habits.

"The huge commercial value to businesses of the information made available by cookies means there is a large investment to be made in offering users appropriate and informed choices where the information stored could be intrusive," added Walker.

Malcolm Duckett, CEO of Magiq, said some businesses could be driven to host websites outside the UK and Europe to avoid stricter cookie rules and liability.

  • To read the ICO's advice, click here.
  • For more information about cookies, click here.

Read more on IT legislation and regulation