New European legislation due to be introduced this month means that retailers will have to get informed consent from visitors to their websites before using cookies to track their internet use. Previously the law on cookies said that retailers, and other UK businesses and organisations running a website in this country, had to allow customers to opt out, but now the onus is on retailers to explain their use of cookies, and any other ways they store and retrieve information on users’ computers, and get clear consent to it.
The law, which comes from an amendment to the EU’s Privacy and Electronic Communications Directive, comes into force on May 26. Today the Information Commissioner’s Office has published guidance on how UK businesses and organisations running UK websites can comply with it.
The ICO says organisations should consider what type of cookie or similar technology their website uses, what purpose it is used for, and how intrusive their use is. It also advises on what solution for obtaining consent will suit them.
The advice is intended to help them think about the practical steps they need to take in order to comply with the new law and will be supplemented as new ways to gain users’ consent are developed.
Information Commissioner Christopher Graham, said: “The advice we’ve issued today should help businesses and organisations to get on the road to compliance in a way that causes them – as well as UK consumers – minimal disruption.
“The implementation of this new legislation is challenging and involves significant technological considerations. That’s why we’ve already consulted a wide range of stakeholders. But we want to spread the net as wide as we can and would welcome further comments from others who have practical examples to share. This advice is very much a work in progress and doesn’t yet provide all of the answers.”
To find out more visit the Information Commissioner’s Office website at www.ico.gov.uk.
The amendments to the Privacy and Electronic Communications Regulations also grant other new powers to the ICO, including the power to fine organisations that make unwanted marketing phone calls up to £500,000. Further guidance on each of the new powers is currently being drawn up.
