Thousands of websites in breach of new cookie law

 
Computer hard drive The cookie laws were drawn up to help privacy on the web

Related Stories

Thousands of UK websites are now in breach of a law that dictates what they can log about visitors.

European laws that define what details sites can record in text files called cookies came into force on 26 May.

Cookies are widely used to customise what repeat visitors see on a site and by advertisers to track users online.

The Information Commissioner's Office (ICO) said it would offer help to non-compliant sites rather than take legal action against them.

Action plan

The regulations say websites must get "informed consent" from users before they record any detailed information in the cookies they store on visitors' computers.

Among websites that have complied with the law, getting consent has involved a pop-up box that explains the changes. Users are then asked to click to consent to having information recorded and told what will happen if they refuse.

UK firms have had 12 months to prepare for the change and the ICO has spent much of that time reminding businesses about their obligations.

The ICO has also updated its policy to allow organisations to use "implied consent" to comply. This means users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.

However, it was a "concern" for the ICO that so many sites were not yet compliant, said Dave Evans, group manager at the ICO who has led its work on cookies in the last 18 months. However, he added, it was not necessarily easy for companies to comply with the laws because of the amount of work it involved.

On busy sites, he said, an audit of current cookie practices could take time because of the sheer number of cookie files they regularly issue, monitor and update.

Mr Evans said the ICO was expecting sites that were not compliant to be able to demonstrate what work they had done in the last year to get ready.

Fines for non-compliance were unlikely to be levied, he said, because there was little risk that a non-compliant site would cause a serious breach of data protection laws that was likely to cause substantial damage and distress to a user.

It was planning to use formal undertakings or enforcement notices to make sites take action, he said.

"Those are setting out the steps we think they need to take in order to become compliant and when we expect them to be taking those steps," he said. "If they comply with one of those notices or sign one of those undertakings they are committing to doing this properly and that's the main point."

As well as advising firms, the ICO has also issued guidance to the public that explains what cookies are, how to change cookie settings and how to complain if they are worried about a site's policy.

 

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

Comments

This entry is now closed for comments

Jump to comments pagination
 
  • rate this
    0

    Comment number 15.

    to 12 wrong-or-right:

    Unproductive for whom? You? Me? What will you do with MY information you collect, share & generate revenue from (your words, not mine)

    If you want something out (revenue) you have to (1) put the work in and (2) ask my permission.

    Unproductive? I think not!

    If you don't want to do the work then remove your cookies

  • rate this
    -5

    Comment number 14.

    Does this mean that when I buy something on Ebay, Amazon won't be able to advertise the same item to me after the event? How stupid is that?

  • rate this
    -2

    Comment number 13.

    Good there is too much tolerance of the "tacit agreement" element in consumer law, asking permission should always be the default position not an idiotic "opt out" Cookie data gathering is pernicious and contravenes goodness knows how many data protection laws as it stand today. Don't forget though the Tory boys think we're merely fodder for the "glorious, infallible market" Stuff 'em!

  • rate this
    +5

    Comment number 12.

    I have almost completed my main company website and took two days and that after finding free code. Cookies have still to be fully identified.
    Still to do three other websites that we have. This is totally unproductive, will hinder online information sharing and revenue generation.
    If web Users are concerned about tracking, then they should stop cookies in their browser with exceptions.

  • rate this
    +12

    Comment number 11.

    Cookies are used primarily to set what is know as 'state' in the web-sites you visit. This is how the site knows that the same person is looking at pages A, B and C. They are usually benign and not intrusive. Forcing sites to announce the use of cookies in the normal operation of the site is just going to confuse non-technical users and drive DOWN traffic. As always, the nanny state has NO CLUE!

  • rate this
    +5

    Comment number 10.

    The Internet is a public place. When we are on line, we are out in the world, although it is easy to persuade ourselves that we are still in the privacy of our own home.
    If we behave on the Net as if we were in the High Street, what do we have to fear?

  • rate this
    +20

    Comment number 9.

    3 RabidRaccoon
    "I just want to say no ads at all ever."

    AdBlock. Possibly the best addition to the internet since the search engine. Amazed by how few people use it though.

  • rate this
    +5

    Comment number 8.

    This law will be ignored by 90% of businesses. It's unworkable, vague, and unenforceable.

    If they had a brain, they would have forced this law on web browsers, not businesses. That would achieve the same result, without businesses having to do any work.

    Most websites use Content Management Systems, making it more than trivial to create a cookie manager.

    Vote anyone but the Conservatives.

  • rate this
    +9

    Comment number 7.

    A lot of advice on how to obtain consent, but none on how to record that someone does not give consent. The obvious way to record such a choice would be to use a cookie! I am required to obtain consent from anonymous visitors to use a cookie to record their text size choice. Logically, I also need to use a cookie to record their choice about using cookies, and so an infinitum...

  • rate this
    +10

    Comment number 6.

    Until now I hadn't really been concerned and because I, personally, haven't created any cookies, I thought it was all fine. But because I use analytics, some affiliate advertising, and a facebook "like" button, am I in breach of the regs unless I start putting opt-in notices? And, if that's the case, as a luddite how would I go about doing it.

    Insane.

  • rate this
    -8

    Comment number 5.

    What? A law that's actually in the public's best interests? Well I never!

  • rate this
    +3

    Comment number 4.

    I've written a blog post about this law and why it's flawed, and ridiculous. The EU is taking a step backwards while the rest of the world is moving forwards, bringing in a law that most (95%+?) people won't understand or care about. Surely there's more pressing matters than introducing a law that technology catered for well over 10 years ago!

  • rate this
    -1

    Comment number 3.

    I've had sites tell me they use cookies, but finding where to deal with your preferences, etc is either not available or requires Einstein to find and edit it. If you try to disable anything you get threatening messages saying you won't be able to use the site properly, which is pointless. My business website doesn't use cookies and never has. I just want to say no ads at all ever.

  • rate this
    -6

    Comment number 2.

    yummmm, cookies!

  • Comment number 1.

    This comment was removed because the moderators found it broke the house rules. Explain.

 

Page 9 of 9

 

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.