EU Cookie Law – just 80 days to comply

Security cameraWebsites which target citizens of the UK (and, more broadly, the EU) have just 80 days to comply with the complex Privacy and Electronics Communications Regulations (also known as the e-Privacy or Cookies Directive) that requires prior user consent to be given before any data (e.g. cookies) can be stored on a remote user’s equipment. This law could have profound impact on many websites and site owners should take immediate action to understand their legal obligations and take whatever remedial action they deem necessary to stay within the terms of the law.

The legislation came into effect last year, on 26 May 2011, but the Information Commissioner graciously afforded all site owners “a 12 month lead-in period” to allow the necessary site changes to be implemented.

As a result, in just 80 days’ time, from 26 May 2012, the Information Commissioner will consider complaints about cookies in line with his normal approach to complaint handling under the Regulations.

At the most basic level, website owners should be able to demonstrate what steps they have taken and still plan to take to comply with the rules. Companies that are deemed to be in breach of the privacy law may face severe monetary penalties of as much as 5% of annual worldwide turnover.

For an example of how consent may be collected on sites, visit the ICO’s own site and examine the opt-in at the top of the page:

ICO Cookie opt-in window

Seek your own legal advice to ensure you understand your obligations correctly.

Further reading:

The Wall: Cookie legislation is the law, are brands ready?
Norton Rose (legal firm): Changes to cookies requirements in Europe
The Digital Marketer: New self-regulation for online behavioural advertisers in the EU
Department for Culture, Media and Sport: HMG response
Wikipedia: Directive on Privacy and Electronic Communications