Feeds

EU regulations to control web cookies

But will e-businesses follow the rules?

  • alert
  • submit to reddit

Security for virtualized datacentres

European laws due to come into force by the end of October will shake up the way businesses are allowed to use cookies on their Web sites.

The UK government has just finished its consultation period but already questions are being raised over the extent to which companies will comply with the new rules.

Under the privacy-related regulations companies will be obliged to tell surfers about the use of cookies and how they can delete or control them.

Shelagh Gaskill, a partner with international law firm Masons, explains: "The new law requires that a Web site operator clearly indicates to visitors that the site uses cookies or other tracking technologies and gives users the opportunity to reject them."

Cookies are small text files used by most commercial web sites. The files are sent from a web server to a web site user's computer and are stored on the user's hard drive, so that when the user visits the site again, the site will remember the user.

The DTI recently completed a public consultation on its draft Privacy and Electronic Communications (EC Directive) Regulations 2003. The Regulations, which are chiefly about spam but also cover the use of cookies, are to implement a European Directive in the UK before 31 October 2003.

Results of the consultation are expected later this month.

Cyberspace laws - more honoured in the breach

But patchy compliance with existing e-commerce laws, highlighted by a survey published last week, raises serious concerns about whether UK businesses will adhere to forthcoming regulations.

Most UK e-commerce sites do not comply with at least one basic legal requirement, according to a survey by on-line legal documents provider Clickdocs.

The company found that 95 per cent of the sites it looked at fail to provide a 'reasonable' level of customer service, 63 per cent breached distance selling rules and 72 per cent fail data protection requirements.

Clickdocs investigated a random selection of web sites from 20 different market segments, all selling on-line to UK consumers.

A site's ability to offer secure on-line methods of payment is crucial for its potential customers. While 93 per cent of sites surveyed are secure, the remainder are not, raising serious concerns about the possible risk of credit card fraud with those sites.

The researchers state that 63 per cent of sites are failing to comply with the Distance Selling Regulations. In most cases this means customers not being told how long it will take for items to be delivered, not being given details of how to cancel an order or sites charging unreasonable penalties for returns.

It is a mandatory requirement of any business that collects personal data about customers to be compliant with the Data Protection Act. This extends to e-commerce sites. But while 68 per cent of sites claim to be compliant, only 18 per cent are actually registered, say the researchers.

Several sites were found to be simply copying and pasting standard text from other sources. In at least two cases, registration numbers are quoted that do not exist. Consumers who use sites not fulfilling Data Protection requirements are at risk from unauthorised sharing of personal details.

The Data Protection Act also requires that customers be informed of what happens to any data collected. Only 51 per cent of sites were found to have any privacy statement.

And another thing

The Clickdocs research also highlighted that even the simplest identification requirements are lacking: 55 per cent of companies fail provide the name of the limited company or of the proprietor; 16 per cent give nothing but a Web site name; 12 per cent neglect to include a fixed line telephone number and ten per cent omit a dedicated e-mail address or rely on a response form for all communication.

Clickdocs also claims that 41 per cent of sites have "unsatisfactory" terms and conditions.

Jon Aslin, Director of Clickdocs, said: "Web site design and programming has improved enormously in the last few years. Our research highlights just how much effort has gone into ensuring sites look good and are easy to navigate (92 per cent are regarded as satisfactory in their overall appearance and ease of use).

"It is therefore surprising, and indeed disappointing, that the small amount of time and investment that is required to address the basic commercial and legal basics has not been spent to make UK e-commerce sites a positive experience for customers." ®

Related Links

The Government's consultation paper on the new law can be found here (PDF file)
Advice to businesses on dealing with cookies, by Masons

Related Stories

Web Bugs - Here Are the Rules
Privacy: US, full marks, Europe, null points - study
EU preps phase two of war on spam
UK.gov seeks input on anti-spam law
Spammers break law with covert tracking
Undetectable 'son of cookie' system wins grant
Spam out, cookies tolerated, data retention remains: EU

Choosing a cloud hosting partner with confidence

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.