Privacy and electronic communications regulations: Guide to EU cookie compliance

Get advice for implementing PECR regulations requiring website owners to request users’ permission to place a tracking cookie.

Beginning in May 2012, the Information Commissioner’s Office (ICO) will be enforcing the privacy and electronic communications regulations (PECR), which require website operators to explicitly request permission from users before placing a tracking cookie on their computers. This new regulation, sometimes called the “cookie law,” will first be enforced in the UK, and may eventually become law in other countries of the European Union.

The new regulations require most organisations to make changes to their websites, yet there is a great deal of confusion about how and when to make these changes. To help your organisation plan and implement a compliance strategy for the cookie law, this guide contains news and advice for EU cookie compliance.

What should US firms do?
Two different views

Experts have different advice for US companies with a website serving EU citizens, reflecting the general confusion around EU cookie compliance.

One security expert advises US companies take steps now to show they have tried to comply with the UK cookie law.

Another security expert says the UK cookie law may not apply to companies that are physically and legally located outside the jurisdiction of an EU member state, irrespective of whether it is providing services to customers in the EU.

ICO issues advice and warnings for unpopular UK cookie legislation
The ICO's cookie regulation will give website visitors more control over their privacy, yet businesses have serious concerns about the plan. Find out why website owners have resisted compliance with the UK cookie legislation, prompting the ICO to issue more guidance and warnings to nudge companies along. 

UK cookie legislation causes confusion for website owners
A survey of digital marketing professionals found most companies are still confused and angry about the requirements of the UK cookie law. In fact, some companies plan to take no action to comply with UK cookie law before the May 26, 2012, deadline.

A compliance strategy for the controversial cookie opt-in regulation
Businesses' concerns with the PECR cookie law include financial costs and possible loss of customers. Compliance expert Alan Calder offers a compliance strategy for organisations concerned about the cookie opt-in regulation.

A legal perspective on the EU cookie law
Lawyer Henrietta Neate looks at what the new EU cookie law entails from a legal perspective, including different ways website operators can ask for and obtain users’ consent for cookies.

Guide to auditing cookies for EU cookie compliance
Ready to take the first step toward compliance with the cookie law? Learn how to audit cookies on your site to find out where you are now in terms of EU cookie compliance.

Four steps to achieving compliance with PECR regulations
After you audit your website cookies, you’ll need to clean them up, and address a few other specific tasks. Alan Calder explains the key steps to take now to comply with the privacy and electronic communications regulations.

Businesses may leave Holland if EU cookie compliance law is adopted there
Website developers and online advertisers claim the cookie law could lead Web publishers to move operations elsewhere. For example, some Netherlands-based Web publishers may move operations to another EU state where the privacy directive is less strictly applied.

Read more on Regulatory compliance and standard requirements