Feeds

ICO warns: Just six months to comply with EC cookie rules

No 'wave of knee-jerk enforcement' come 26 May, tho

Remote control for virtualized desktops

The Information Commissioner's Office won't begin enforcing the new cookies law for another six months yet - in the meantime, the regulator has issued a reminder to web outfits warning them to prepare to comply with the legislation.

On 25 May 2011, the implementation of the revised e-Privacy Directive passed with a whimper rather than a bang, after just two Member States issued a full notification to Brussels. The remaining 25 countries that make up the European Union failed to meet that deadline.

The UK at that point had offered Brussels officials partial notifications, despite the fact that the Commission had clearly stated that the implementation of all the measures detailed in the directive were required to be transposed into national law.

European Commissioner Viviane Reding told this reporter in June that she was surprised by how many member states had ignored the deadline for implementing the ePrivacy Directive, which included a requirement for businesses to be much more upfront about their use of cookies online.

"I always meet people who are astonished that Christmas is on the 25th of December. I always encounter governments that are astonished that a law that has been voted for two or three years before has to be applied on that date … That is not just on the cookies, but a general problem, which I have normally," she said.

"This decision doesn’t come out of the blue. That was the Council of Ministers plus the European Parliament who had done this together … You decide something, you apply it. If you don’t we bring the country to the court."

However, the UK government made the decision to effectively free up web owners from the burden of complying to the directive that required sites within the EU to obtain a visitor's consent to install a cookie in their browser, by deferring enforcement of the law for one year.

And now, Blighty's data protection watchdog is having another punt at playing the friendly policeman with website owners operating in the UK.

“The guidance we’ve issued today builds on the advice we’ve already set out, and now includes specific practical examples of what compliance might look like," said Information Commissioner Christopher Graham.

"We’re half way through the lead-in to formal enforcement of the rules. But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”

However, fines of up to £500,000 could be levied against those web outfits that fail to get their cookie-tracking in order come mid-2012.

“Our mid-term report can be summed up by the schoolteacher’s favourite clichés 'could do better' and 'must try harder.' Many people running websites will still be thinking that implementing the law is an impossible task," said Graham.

"But they now need to get to work. Over the last few months we’ve been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is – if they can do it, why can’t you?"

He added that "prescriptive check lists" would not be issued by the ICO.

In May, the government confirmed it was working with Mozilla, Apple, Microsoft, Google, Yahoo, Adobe and the Internet Advertising Bureau to come up with a browser solution to obtaining users' consent.

At the time, it indicated that coming up with a browser setting that helped websites comply with the directive was - in part - the reason behind the ICO delaying enforcement for a year.

The ICO noted yesterday that: "Achieving compliance in relation to third party cookies is one of the most challenging areas," it said, thereby flagging up one of the main issues website owners have with the directive.

"The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers."

That comment seemed to suggest that it's now open season for any web outfits in the UK lobbying for tracking online behaviour without requesting consent just as the six-month countdown to compliance begins... ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
Yes, Virginia, there IS a W3C HTML5 standard – as of now, that is
You asked for it! You begged for it! Then you gave up! And now it's HERE!
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.