Thousands of websites in breach of new cookie law

Computer hard drive The cookie laws were drawn up to help privacy on the web

Related Stories

Thousands of UK websites are now in breach of a law that dictates what they can log about visitors.

European laws that define what details sites can record in text files called cookies came into force on 26 May.

Cookies are widely used to customise what repeat visitors see on a site and by advertisers to track users online.

The Information Commissioner's Office (ICO) said it would offer help to non-compliant sites rather than take legal action against them.

Action plan

The regulations say websites must get "informed consent" from users before they record any detailed information in the cookies they store on visitors' computers.

Among websites that have complied with the law, getting consent has involved a pop-up box that explains the changes. Users are then asked to click to consent to having information recorded and told what will happen if they refuse.

UK firms have had 12 months to prepare for the change and the ICO has spent much of that time reminding businesses about their obligations.

The ICO has also updated its policy to allow organisations to use "implied consent" to comply. This means users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.

However, it was a "concern" for the ICO that so many sites were not yet compliant, said Dave Evans, group manager at the ICO who has led its work on cookies in the last 18 months. However, he added, it was not necessarily easy for companies to comply with the laws because of the amount of work it involved.

On busy sites, he said, an audit of current cookie practices could take time because of the sheer number of cookie files they regularly issue, monitor and update.

Mr Evans said the ICO was expecting sites that were not compliant to be able to demonstrate what work they had done in the last year to get ready.

Fines for non-compliance were unlikely to be levied, he said, because there was little risk that a non-compliant site would cause a serious breach of data protection laws that was likely to cause substantial damage and distress to a user.

It was planning to use formal undertakings or enforcement notices to make sites take action, he said.

"Those are setting out the steps we think they need to take in order to become compliant and when we expect them to be taking those steps," he said. "If they comply with one of those notices or sign one of those undertakings they are committing to doing this properly and that's the main point."

As well as advising firms, the ICO has also issued guidance to the public that explains what cookies are, how to change cookie settings and how to complain if they are worried about a site's policy.


More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 55.

    You can of course disable cookies - it's one of those obscure options hidden under the tools or settings menus. The trouble is nearly every web site, including this one, requires you to have cookies enabled.

    But Mark (50) is right - this new law is completely unenforceable. I don't expect we will be seeing web site admins dragged off in handcuffs - the law will just be quietly forgotten.

  • rate this

    Comment number 54.

    The small local website that I manage uses session cookies to track logins, (it wont work without them) It also uses them in the counter to detect repeat visitors so i can track usage patterns.

    There has always been a bit about cookies in the privacy policy I will now have to add it to the signup page too

  • rate this

    Comment number 53.

    I'm with the French attitude on this one.
    Any piece of rubbish spewing forth from the EU that the French don't agree with, they just ignore.
    So let's ignore it.

  • rate this

    Comment number 52.

    This new law is a joke. It doesn't protect anyone and doesn't go after those who were originally the cause of the law. Google gets off scott-free whereas I have to waste my time annoying my site visitors, making them click to agree to the use of cookies. Another nanny state law.

    I don't know why we don't just ignore this like most other EU countries, we always make a rod for our own back.

  • rate this

    Comment number 51.

    to 11 Matt - I know EXACTLY how, why & where cookies are used. So - please - just ask me if it's ok for you to collect, store & data-mine my information - OK?? Please???

  • rate this

    Comment number 50.

    As a web developer I can say this is one of the most useless, unenforceable laws I've ever seen.

    90% of website owners don't know or care what it is. Lets just hope we don't see SMEs waste millions at the hands of rogue scaremongering developers and tech solicitors.

  • rate this

    Comment number 49.

    At the end of the day, provided the cookies aren't misused for nefarious reasons, I really don't care. What I do care about is abuse of personal data - where, if the data subjects actually knew about it, they would be extrememly unlikely to give informed consent. Think about the test "If it's raining and I borrowed your brolly with the intention of giving it back, will I be judged as a theif"...

  • rate this

    Comment number 48.

    Firefox 13 (beta on Apple snow leopard version) that I am using has extensive privacy, anti cookie and anti tracking provisions which can be turned on or off so choice is possible (if they are effective) So just check you browser privacy choices

    If netzines use these no doubt a war will develop between the commercial 'trolls' and the 'innocent' users to break and mend them.

  • rate this

    Comment number 47.

    @Boris Roach
    "So why do I pay my ISP £20/month ? and the BBC £135 a year just to use this website?"

    You pay your ISP to provide you with a connection to the internet, or the ability to request webpages to view. The websites have to pay to host the webpages, adverts usually pay for this. In the same way you buy a freeview box but get free channels to watch. Who do you think pays for those?

  • rate this

    Comment number 46.

    ICO Cookies Guidance:

    "Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals."

    In other words: A nod and a wink.....never mind all the money we spent. Farcical.

  • rate this

    Comment number 45.

    I'm not sure how they intended this to work. Of course they didn't give a moments thought to the practicalities. Even if a site is hosted in the UK it is likely to be using frameworks and services designed without regard to regional laws and which use cookies for analytics, ad tracking, preferences etc.

    You would have to be a very large site to warrant implementation per country. So most won't.

  • rate this

    Comment number 44.

    For all of you complaining about adverts:
    Ads make the internet free to use (mostly).

    So why do I pay my ISP £20/month ? and the BBC £135 a year just to use this website?

  • rate this

    Comment number 43.


    Oh come on, if the UK govt had put this forward you'd be perfectly happy. Your problem is ideological opposition to the EU!

    Sadly the UK govt is so in hock to big business it simply wouldn't have dared to do it!

  • rate this

    Comment number 42.

    My approach to privacy is to encourage others to use my name on the Internet for social networking sites etc. There's a lot of information out there about me and most of it is wrong.

    @JG9585: Ads aren't free. Think.

    @Richard C: Not opting out is not granting permission. Otherwise you owe me 10% of wages unless you opt out by visiting Blackpool Tower on Sunday at 2 a.m. wearing a leopard costume.

  • rate this

    Comment number 41.

    its nice to see the law makers addressing society's most important issues.

    while we all get raped by the banks.

  • rate this

    Comment number 40.

    Most people don't understand what cookies are or their importance to a site. Yes advertisers use them to track the content you visit but the vast majority of cookie implementation is to let the site know who you are, sites need this when for example you log in to their service. If you want to get an idea about how they are used then disable them in your settings and have a roam about.

  • rate this

    Comment number 39.

    For all of you complaining about adverts:

    Ads make the internet free to use (mostly).

    Sites that you probably use all the time (YouTube, Facebook etc) are free because of ad revenue.

    If you all use AdBlock - you either lose most websites on the internet OR you'd have to pay for them (and you'd have to pay a lot)

    So weigh it up - For the inconvenience of a few ads, you get EVERYTHING for free

  • rate this

    Comment number 38.

    So the EU is concerned about the tracking and collection of cookie data, and yet our government is going to record every facebook message, email, msn conversation and be able to access these on tap, and in real-time?

    It beggars belief. Along with the anti-piracy crackdown, we need to stand up for our internet freedoms.

    But yes, another pointless EU law forced upon the UK.

  • rate this

    Comment number 37.

    To 15 "If you want something out (revenue) you have to (1) put the work in and (2) ask my permission."

    Businesses have had your permission. All of the major browsers have the ability to disable cookies for years. Even phones I've owned since around 2003 (including WAP) have had this ability.

    Why does it seem ignorance is now an acceptable excuse for shifting responsibility?

  • rate this

    Comment number 36.

    @Dan Brown: Mozilla is only non-profit in the sense that profit-making companies set up non-profit subsidiaries or even higher-level holding companies for tax advantages. The fact is that Mozilla as a complete entity (ignoring the artificial distinction between the Foundation and the Corporation) makes a great deal of money, especially from its advertising agreement with Google.


Page 7 of 9


More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.