Feeds

EU regulations to control web cookies

But will e-businesses follow the rules?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

European laws due to come into force by the end of October will shake up the way businesses are allowed to use cookies on their Web sites.

The UK government has just finished its consultation period but already questions are being raised over the extent to which companies will comply with the new rules.

Under the privacy-related regulations companies will be obliged to tell surfers about the use of cookies and how they can delete or control them.

Shelagh Gaskill, a partner with international law firm Masons, explains: "The new law requires that a Web site operator clearly indicates to visitors that the site uses cookies or other tracking technologies and gives users the opportunity to reject them."

Cookies are small text files used by most commercial web sites. The files are sent from a web server to a web site user's computer and are stored on the user's hard drive, so that when the user visits the site again, the site will remember the user.

The DTI recently completed a public consultation on its draft Privacy and Electronic Communications (EC Directive) Regulations 2003. The Regulations, which are chiefly about spam but also cover the use of cookies, are to implement a European Directive in the UK before 31 October 2003.

Results of the consultation are expected later this month.

Cyberspace laws - more honoured in the breach

But patchy compliance with existing e-commerce laws, highlighted by a survey published last week, raises serious concerns about whether UK businesses will adhere to forthcoming regulations.

Most UK e-commerce sites do not comply with at least one basic legal requirement, according to a survey by on-line legal documents provider Clickdocs.

The company found that 95 per cent of the sites it looked at fail to provide a 'reasonable' level of customer service, 63 per cent breached distance selling rules and 72 per cent fail data protection requirements.

Clickdocs investigated a random selection of web sites from 20 different market segments, all selling on-line to UK consumers.

A site's ability to offer secure on-line methods of payment is crucial for its potential customers. While 93 per cent of sites surveyed are secure, the remainder are not, raising serious concerns about the possible risk of credit card fraud with those sites.

The researchers state that 63 per cent of sites are failing to comply with the Distance Selling Regulations. In most cases this means customers not being told how long it will take for items to be delivered, not being given details of how to cancel an order or sites charging unreasonable penalties for returns.

It is a mandatory requirement of any business that collects personal data about customers to be compliant with the Data Protection Act. This extends to e-commerce sites. But while 68 per cent of sites claim to be compliant, only 18 per cent are actually registered, say the researchers.

Several sites were found to be simply copying and pasting standard text from other sources. In at least two cases, registration numbers are quoted that do not exist. Consumers who use sites not fulfilling Data Protection requirements are at risk from unauthorised sharing of personal details.

The Data Protection Act also requires that customers be informed of what happens to any data collected. Only 51 per cent of sites were found to have any privacy statement.

And another thing

The Clickdocs research also highlighted that even the simplest identification requirements are lacking: 55 per cent of companies fail provide the name of the limited company or of the proprietor; 16 per cent give nothing but a Web site name; 12 per cent neglect to include a fixed line telephone number and ten per cent omit a dedicated e-mail address or rely on a response form for all communication.

Clickdocs also claims that 41 per cent of sites have "unsatisfactory" terms and conditions.

Jon Aslin, Director of Clickdocs, said: "Web site design and programming has improved enormously in the last few years. Our research highlights just how much effort has gone into ensuring sites look good and are easy to navigate (92 per cent are regarded as satisfactory in their overall appearance and ease of use).

"It is therefore surprising, and indeed disappointing, that the small amount of time and investment that is required to address the basic commercial and legal basics has not been spent to make UK e-commerce sites a positive experience for customers." ®

Related Links

The Government's consultation paper on the new law can be found here (PDF file)
Advice to businesses on dealing with cookies, by Masons

Related Stories

Web Bugs - Here Are the Rules
Privacy: US, full marks, Europe, null points - study
EU preps phase two of war on spam
UK.gov seeks input on anti-spam law
Spammers break law with covert tracking
Undetectable 'son of cookie' system wins grant
Spam out, cookies tolerated, data retention remains: EU

The essential guide to IT transformation

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.