New ‘cookie’ law will affect small business site owners

New regulations come into force on 25th May, which mean that websites of all sizes will be obliged to gain permission from their visitors to download cookies that collect information about their surfing habits.

The new rules, which will become law via amendments to the The Privacy and Electronic Communications Regulations (a.k.a. the ‘e-Privacy Directive’), will be policed by the Information Commission’s Office from next week. In theory, failure to comply could result in a fine of up to £500,000.

Although the new obligation on site owners became law in 2011, enforcement of the new rules was delayed by 12 months to allow businesses to put in place compliance measures.

From 25th May, all websites must get the express permission of all site visitors to download ‘cookies’, which are temporary files used to store information about users’ web activity. The cookie is transmitted from the site to a visitor’s computer and remains there to help the site remember the user’s browsing habits for subsequent visits.

Although using cookies has a multitude of important uses, such as allowing visitors to access a site without having to log on each time (by remembering username and password details), the new rules have been implemented after concerns that cookies are being used by companies to tailor the way advertising is displayed online.

Legal firm, EMW, provided the following three steps for website owners to take in order to prepare for the new rules:

1. Audit the cookies you currently use on your website.

2. Implement appropriate changes to ensure that you gain the consent of users for using cookies (e.g. create ‘pop-up’ banners to explicitly gain consent). The message should be easy to understand by all users.

3. Ensure that you have made these changes by 25th May 2012.

Matthew Holman, a solicitor at the firm, commented: “To be successful, businesses need to make sure that their website also remains user friendly.  That can be quite difficult to do when asking users for permission to use their personal data. To this end, collaboration between web designers and lawyers is important to ensure that the website meets the legal requirements whilst remaining pleasing to the eye and user friendly.”

However, despite the tough aims of the new legislation, it seems highly likely that the new rules will be hard to enforce, especially as a recent report claims that most Government sites won’t even meet the e-Privacy deadline.

You can read the full background to the new rules on the ICO website, although the Directive is explained in a far simpler way in this BBC article.

Bytestart Limited

Comments are closed.