Change to law on cookies

Website operators should take note that new legislation has come in to force that will change the law on "cookies" . The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 came in to force on 26th May 2011 and amends the regime governing when cookies can be used by website operators. Cookies are text files stored by a website on an internet user’s hard drive that identify that user and keep track of that user’s activity on the website. They can be necessary to ensure website functionality, however they are often used by advertisers to build up a picture of what a person is visiting so that advertising can be targeted to them.

Currently, the UK has an ‘opt out’ approach in relation to cookies. This means that cookies are generally enabled on user’s computers, but under e-privacy and data protection legislation users must be told when cookies are being used and should be provided with information about how to change their browser settings so that they can decline cookies. The new E-Privacy Regulations will instead introduce an "opt in" system. It states that users must give “his or her consent” to the use of cookies, which suggests that website operators must not use cookies unless the user has specifically ticked a box or consented in some other way to their use.

The introduction of the new regime has led to concerns that it may be unduly onerous and may disrupt the services of online providers. In an attempt to respond to these concerns, the government has inserted a new regulation into the legislation which provides that consent to the setting of cookies "may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent". This might in the long term allow website operators to take advantage of changes in technology so they don’t have to require express consent in each case. However, the government has said that in its current opinion existing browser settings are not capable of ensuring compliance with the revised consent requirements so this does not appear to offer a less onerous alternative in the short term. The government has formed a working group with representatives from the browser manufacturers to see if browsers can be enhanced to meet the requirements of the new regime.

The information commissioner has issued guidance and acknowledge it maybe difficult for businesses to comply at this stage. A copy of the ICO guidance can be found at: http://www.ico.gov.uk/

Beverley Flynn, data protection partner at Stevens & Bolton LLP, commented:

"It is unusual that the law is for once ahead of the technology and businesses may have to look to innovative forms of technology to assist them."
 

Contact our experts for further advice

Beverley Flynn

Search our site