Thousands of websites in breach of new cookie law

 
Computer hard drive The cookie laws were drawn up to help privacy on the web

Related Stories

Thousands of UK websites are now in breach of a law that dictates what they can log about visitors.

European laws that define what details sites can record in text files called cookies came into force on 26 May.

Cookies are widely used to customise what repeat visitors see on a site and by advertisers to track users online.

The Information Commissioner's Office (ICO) said it would offer help to non-compliant sites rather than take legal action against them.

Action plan

The regulations say websites must get "informed consent" from users before they record any detailed information in the cookies they store on visitors' computers.

Among websites that have complied with the law, getting consent has involved a pop-up box that explains the changes. Users are then asked to click to consent to having information recorded and told what will happen if they refuse.

UK firms have had 12 months to prepare for the change and the ICO has spent much of that time reminding businesses about their obligations.

The ICO has also updated its policy to allow organisations to use "implied consent" to comply. This means users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.

However, it was a "concern" for the ICO that so many sites were not yet compliant, said Dave Evans, group manager at the ICO who has led its work on cookies in the last 18 months. However, he added, it was not necessarily easy for companies to comply with the laws because of the amount of work it involved.

On busy sites, he said, an audit of current cookie practices could take time because of the sheer number of cookie files they regularly issue, monitor and update.

Mr Evans said the ICO was expecting sites that were not compliant to be able to demonstrate what work they had done in the last year to get ready.

Fines for non-compliance were unlikely to be levied, he said, because there was little risk that a non-compliant site would cause a serious breach of data protection laws that was likely to cause substantial damage and distress to a user.

It was planning to use formal undertakings or enforcement notices to make sites take action, he said.

"Those are setting out the steps we think they need to take in order to become compliant and when we expect them to be taking those steps," he said. "If they comply with one of those notices or sign one of those undertakings they are committing to doing this properly and that's the main point."

As well as advising firms, the ICO has also issued guidance to the public that explains what cookies are, how to change cookie settings and how to complain if they are worried about a site's policy.

 

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

Comments

This entry is now closed for comments

Jump to comments pagination
 
  • rate this
    0

    Comment number 175.

    @173

    My own comment; this is a warning to you all, A company keeps ringing me up claiming to be from “Microsoft” support, saying I have an issue with my PC, They ask me to type a command via “RUN” this displays core files that are a natural part of my OS, they say they are viruses, it's a scam do not do ANYTHING they ask you to do, this is why Ofcom needs to enfoce it's own rules.

  • rate this
    0

    Comment number 174.

    Why do these companies think they have an automatic right to my information, or to store anything on my computer?

  • rate this
    +2

    Comment number 173.

    @172.CarlRigby
    Sir, in relation to your comment about international cold calling, Ofcom has rules that are supposed to stop this from happening. The problem is that foreign companies, those working for UK companies use VOIP, and are supposed to display contact info yet do not, Ofcom is not doing its job thanks by the way Ofcom, I have family outside the UK so I have to pick up regardless.

  • rate this
    +2

    Comment number 172.

    AdBlock + block third-party cookies. Sorted.

    I'd love to stop cold calls from overseas tho. That would be useful.

  • rate this
    0

    Comment number 171.

    So if these commercial, big business sites are operating illegally and potentially causing illegal "damage" to our computers and privacy then, assuming no one is going to get hurt as a result, putting these sites out of action would be public spirited? This is, of course a question. Not an encouragement to anyone to do anything.

  • rate this
    0

    Comment number 170.

    Anyone that agrees to this new law about being informed about cookies will be agreeing to an annoying popup box on almost EVERY website you visit. You cannot buy anything online without the use of a cookie.

    It's like your TV asking permission to show you adverts every time you turn it on.

    Wouldn't it be much easier if the web browser asked if you wanted to use cookies. The EU is backward.

  • rate this
    0

    Comment number 169.

    Well there's always the delete button on spam and unwanted advertising

  • rate this
    0

    Comment number 168.

    Clearly this Directive was proposed after some EU Bureaucrat was caught out visiting web sites they'd not rather explain to their partner, after a "Remember Me" cookie was used.

    The directive as written is clunky, likely did not consult prominent web developers and will result in nagging, pop-up style messages.

    How long until we see fake "OK to Cookies" messages fooling users for nefarious ends?

  • rate this
    -1

    Comment number 167.

    It was a game of two halfs!

  • rate this
    -1

    Comment number 166.

    THE TORY RUN GOVERNMENT DOES NOT CARE IF IT MEETS THIS RULE INFACT ITS MORE INTRESTED IN BREAKING EVERY HUMAN RIGHT OUT THERE THAN PROTECTING ONE PERSON FROM THEIR GREED SELFISHNESS AND UTTER STUPIDITY

  • rate this
    -1

    Comment number 165.

    Another ridiculous rule pushed out by the EU which can't even manage its Eurozone finances.

  • rate this
    +2

    Comment number 164.

    Good.
    Shame it won't stop government spying.

  • rate this
    +2

    Comment number 163.

    I block ads - if my data or actions are of use to anyone then they are available at a price. I also block most flash content as I would like to choose if a video plays or not (Daily Telegraph take note).
    Also if I am looking at kettles (for example) what makes anyone think I want to see ads for them? I don't, I know what I need, when I need it and where to look for it.

  • rate this
    +2

    Comment number 162.

    dont mind cookies as such as they are a necessary time saver but do object to trackingand advertising cookies that plot my profile and target adds that i never look at

  • rate this
    -3

    Comment number 161.

    156.who2believe?
    Despite so many 'knowledgeable' web users thinking they are harmless they aren't. They track you, gain knowledge about you which they can sell on to other,
    -
    Some, rarely, are nefarious. So learn how to use your browser and BLOCK THEM!
    Why should millions of webmasters be forced to comply to a stupid rule in Europe simply because a surfer doesn't know how to use their own tech?!

  • rate this
    0

    Comment number 160.

    a pointless law considering every internet browser has the option to delete cookies after the session and if still don't feel happy download a free program called ccleaner to make sure. governments need to stop nursing people and start teaching people

  • rate this
    +3

    Comment number 159.

    I don't know how not to put cookies on my website if I am doing that! Is it my web host who puts them on? Anyway, they aren't always a bad thing, navigation would be difficult without them.

  • rate this
    0

    Comment number 158.

    For all those who welcome this because of adverts which try and promote things which may be of interest consider this. Many websites rely on the advertising revenue to keep going, stop the adverts and you may see websites you like and use disappear or forced to start charging you to view content.

  • rate this
    +5

    Comment number 157.

    Where is the EU on protection from malware and phishing? I am more bothered by "international" cold calling by phone that despite being TPS registered BT say I can't block.

    Cookies cannot read your browsing history - it is the websites you visit that store the information, the cookie is just the container. Most cookies just make websites more user friendly without causing any privacy issues.

  • rate this
    0

    Comment number 156.

    Despite so many 'knowledgeable' web users thinking they are harmless they aren't. They track you, gain knowledge about you which they can sell on to other, less than scrupulous people (both criminals and Govs - if you can tell them apart). However with so many sites (including Gov. sites) not being in compliance what is the ICO going to do? Have stern words? Can't see that having much effect.

 

Page 1 of 9

 

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.