Feeds

EU regulations to control web cookies

But will e-businesses follow the rules?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

European laws due to come into force by the end of October will shake up the way businesses are allowed to use cookies on their Web sites.

The UK government has just finished its consultation period but already questions are being raised over the extent to which companies will comply with the new rules.

Under the privacy-related regulations companies will be obliged to tell surfers about the use of cookies and how they can delete or control them.

Shelagh Gaskill, a partner with international law firm Masons, explains: "The new law requires that a Web site operator clearly indicates to visitors that the site uses cookies or other tracking technologies and gives users the opportunity to reject them."

Cookies are small text files used by most commercial web sites. The files are sent from a web server to a web site user's computer and are stored on the user's hard drive, so that when the user visits the site again, the site will remember the user.

The DTI recently completed a public consultation on its draft Privacy and Electronic Communications (EC Directive) Regulations 2003. The Regulations, which are chiefly about spam but also cover the use of cookies, are to implement a European Directive in the UK before 31 October 2003.

Results of the consultation are expected later this month.

Cyberspace laws - more honoured in the breach

But patchy compliance with existing e-commerce laws, highlighted by a survey published last week, raises serious concerns about whether UK businesses will adhere to forthcoming regulations.

Most UK e-commerce sites do not comply with at least one basic legal requirement, according to a survey by on-line legal documents provider Clickdocs.

The company found that 95 per cent of the sites it looked at fail to provide a 'reasonable' level of customer service, 63 per cent breached distance selling rules and 72 per cent fail data protection requirements.

Clickdocs investigated a random selection of web sites from 20 different market segments, all selling on-line to UK consumers.

A site's ability to offer secure on-line methods of payment is crucial for its potential customers. While 93 per cent of sites surveyed are secure, the remainder are not, raising serious concerns about the possible risk of credit card fraud with those sites.

The researchers state that 63 per cent of sites are failing to comply with the Distance Selling Regulations. In most cases this means customers not being told how long it will take for items to be delivered, not being given details of how to cancel an order or sites charging unreasonable penalties for returns.

It is a mandatory requirement of any business that collects personal data about customers to be compliant with the Data Protection Act. This extends to e-commerce sites. But while 68 per cent of sites claim to be compliant, only 18 per cent are actually registered, say the researchers.

Several sites were found to be simply copying and pasting standard text from other sources. In at least two cases, registration numbers are quoted that do not exist. Consumers who use sites not fulfilling Data Protection requirements are at risk from unauthorised sharing of personal details.

The Data Protection Act also requires that customers be informed of what happens to any data collected. Only 51 per cent of sites were found to have any privacy statement.

And another thing

The Clickdocs research also highlighted that even the simplest identification requirements are lacking: 55 per cent of companies fail provide the name of the limited company or of the proprietor; 16 per cent give nothing but a Web site name; 12 per cent neglect to include a fixed line telephone number and ten per cent omit a dedicated e-mail address or rely on a response form for all communication.

Clickdocs also claims that 41 per cent of sites have "unsatisfactory" terms and conditions.

Jon Aslin, Director of Clickdocs, said: "Web site design and programming has improved enormously in the last few years. Our research highlights just how much effort has gone into ensuring sites look good and are easy to navigate (92 per cent are regarded as satisfactory in their overall appearance and ease of use).

"It is therefore surprising, and indeed disappointing, that the small amount of time and investment that is required to address the basic commercial and legal basics has not been spent to make UK e-commerce sites a positive experience for customers." ®

Related Links

The Government's consultation paper on the new law can be found here (PDF file)
Advice to businesses on dealing with cookies, by Masons

Related Stories

Web Bugs - Here Are the Rules
Privacy: US, full marks, Europe, null points - study
EU preps phase two of war on spam
UK.gov seeks input on anti-spam law
Spammers break law with covert tracking
Undetectable 'son of cookie' system wins grant
Spam out, cookies tolerated, data retention remains: EU

Security for virtualized datacentres

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.