Feeds

ICO warns: Just six months to comply with EC cookie rules

No 'wave of knee-jerk enforcement' come 26 May, tho

Business security measures using SSL

The Information Commissioner's Office won't begin enforcing the new cookies law for another six months yet - in the meantime, the regulator has issued a reminder to web outfits warning them to prepare to comply with the legislation.

On 25 May 2011, the implementation of the revised e-Privacy Directive passed with a whimper rather than a bang, after just two Member States issued a full notification to Brussels. The remaining 25 countries that make up the European Union failed to meet that deadline.

The UK at that point had offered Brussels officials partial notifications, despite the fact that the Commission had clearly stated that the implementation of all the measures detailed in the directive were required to be transposed into national law.

European Commissioner Viviane Reding told this reporter in June that she was surprised by how many member states had ignored the deadline for implementing the ePrivacy Directive, which included a requirement for businesses to be much more upfront about their use of cookies online.

"I always meet people who are astonished that Christmas is on the 25th of December. I always encounter governments that are astonished that a law that has been voted for two or three years before has to be applied on that date … That is not just on the cookies, but a general problem, which I have normally," she said.

"This decision doesn’t come out of the blue. That was the Council of Ministers plus the European Parliament who had done this together … You decide something, you apply it. If you don’t we bring the country to the court."

However, the UK government made the decision to effectively free up web owners from the burden of complying to the directive that required sites within the EU to obtain a visitor's consent to install a cookie in their browser, by deferring enforcement of the law for one year.

And now, Blighty's data protection watchdog is having another punt at playing the friendly policeman with website owners operating in the UK.

“The guidance we’ve issued today builds on the advice we’ve already set out, and now includes specific practical examples of what compliance might look like," said Information Commissioner Christopher Graham.

"We’re half way through the lead-in to formal enforcement of the rules. But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”

However, fines of up to £500,000 could be levied against those web outfits that fail to get their cookie-tracking in order come mid-2012.

“Our mid-term report can be summed up by the schoolteacher’s favourite clichés 'could do better' and 'must try harder.' Many people running websites will still be thinking that implementing the law is an impossible task," said Graham.

"But they now need to get to work. Over the last few months we’ve been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is – if they can do it, why can’t you?"

He added that "prescriptive check lists" would not be issued by the ICO.

In May, the government confirmed it was working with Mozilla, Apple, Microsoft, Google, Yahoo, Adobe and the Internet Advertising Bureau to come up with a browser solution to obtaining users' consent.

At the time, it indicated that coming up with a browser setting that helped websites comply with the directive was - in part - the reason behind the ICO delaying enforcement for a year.

The ICO noted yesterday that: "Achieving compliance in relation to third party cookies is one of the most challenging areas," it said, thereby flagging up one of the main issues website owners have with the directive.

"The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers."

That comment seemed to suggest that it's now open season for any web outfits in the UK lobbying for tracking online behaviour without requesting consent just as the six-month countdown to compliance begins... ®

New hybrid storage solutions

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.