On 26 May 2011 the law regarding the use of cookies on websites changed. Organisations which use these devices will want to ensure that they are aware of the amendments, and what they need to do to ensure that they comply with them.
What are cookies?
A cookie is a small file of letters and numbers downloaded on to a computer when the user accesses certain websites. A cookie allows a website to recognise a user’s device and previous settings. There are similar files for mobile devices. For more information on cookies see: http://www.allaboutcookies.org/
How has the law changed?
Previously the law required organisations which used cookies to inform visitors how the cookies on their website were being used, and how they could opt out of their use. Most organisations complied with these requirements by adding appropriate wording to their website terms and conditions.
Now the e-Privacy Directive, implemented in the UK via the amended Privacy and Electronic Communications Regulations 2003 (regulation 6), requires an organisation to obtain consent before using cookies. There is a narrow exception to this rule which means that consent is not needed where cookies are “strictly necessary” for a service requested by the subscriber or user.
The Information Commissioner will be enforcing the new law, and has the power to impose a fine of up to £500,000 for serious non-compliance with the Regulations.
Implementation of the changes
The government is currently working with browser operators to try and find a technological solution to the obtaining of consent by a user. The government envisagesthat, in the future, users should be able to consent to cookies by opting in to them by amending or setting controls on their browser, rather than reacting to every cookie. However, the technology to enable this is still a work in progress and so the government has announced that there should be a phased approach to the implementation of these changes.
The Information Commissioner has therefore indicated that, should his office receive a complaint about a website, it would expect that organisation to be aware of the changes and have a plan to achieve compliance, rather than full compliance until May 2012.
Steps to take
The Information Commissioner has issued guidance which states that organisations which use cookies should now take the following steps:
- Check what type of cookies are used, and how they are used.
Carry out an audit of the website and categorise cookies which are strictly necessary and those which will need consent. There may be some cookies which are no longer needed and can be removed.
- Assess how intrusive the use of cookies is
The new law is intended to add to the level of protection afforded to the privacy of internet users. Some cookies are more intrusive than others and the more intrusive the activity, the more priority will need to be given to obtaining meaningful consent.
- Decide what solution to obtain consent will be best in all the circumstances
Once an organisation has carried out an audit and is aware of how many cookies it uses, and for what purposes, it will need to decide the best method for gaining consent.
The full guidance can be found here http://www.ico.gov.uk/~/media/documents/library/
Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.ashx
The new law applies to public authorities using cookies to assist browsing as much as it does to businesses.
Please contact us if you have any questions about the issues raised in this document.
|
John Trotter |
j.trotter@bwbllp.com |
020 7551 7707 |
|
Rupert Earle |
r.earle@bwbllp.com |
020 7551 7609 |
|
Melanie Carter |
m.carter@bwbllp.com |
020 7551 7610 |
|
Lawrence Simanowitz |
l.simanowitz@bwbllp.com |
020 5771 7763 |
|
Selman Ansari |
s.ansari@bwbllp.com |
020 7551 7784 |
|
Dinah Tuck |
d.tuck@bwbllp.com |
020 7551 7749 |
|
Stuart Marchant |
s.marchant@bwbllp.com |
020 7551 7652 |
|
Lisa Marie Roca |
lm.roca@bwbllp.com |
020 7551 7608 |
