UK cookie law compliance takes effect today
Web operators, put down your BBQ forks! The ePrivacy Directive is here
From today the UK's Information Commissioner's Office will begin enforcing the EU's revised ePrivacy Directive that requires website owners to be upfront with their users about the information they collect.
The so-called cookie law was implemented on 25 May 2011 by Brussels officials, but getting the legislation transposed locally within the 27 member-states of the European Union has proved to be tricky, perplexing, disruptive, confusing and a bit of a mess, really.
Here in Blighty, the government made the decision to effectively free up web owners from the burden of complying to the directive by deferring policing of the law for one year. The law requires sites within the EU to obtain a visitor's consent before they install a cookie in their browser.
Time has now run out and from today the Information Commissioners Office will be enforcing the law and fining those web operators that are found to have violated the rules. A penalty of up to £500,000 could be imposed against those that fail to comply.
But the data protection watchdog has signalled it would take a gentle approach to enforcement and pointed out that very few companies would be slapped with a hefty fine for non-compliance.
The ICO's Dave Evans said yesterday:
We’ve been saying that we expect organisations to be on the path to compliance – which means that UK websites must provide visitors with sufficient information to make a decision on whether they are happy for a cookie to be placed on their device and obtain consent before placing a cookie.
The regulator has an updated version of its guidance for compliance here. It's probably worth reading between bites of ketchup-smeared cow. ®
Re: Bloody annoying
As far as I can see, if I don't accept a tracking cookie from a site I'll keep getting pop-ups telling me the site needs my permission to install cookies. Government mandated nagware, great...
Re: Bloody annoying
Also annoying is the fact that you accepted cookies is stored ... in a cookie.
So those of us who expire all cookies when the browser is closed (and have been doing so for years) have to agree every time we return to a site in a new browser session.
So how long before the "accepted cookies" cookie becomes the standard long term tracking method because it's the one cookie people are least likely to remove because of the annoyance factor?
Whats worse, the fact that cookies existed or the annoying little pop up boxes that now keep keep appearing telling us cookies are about?
Someone develop something that erases the little annoying pop ups please.
Does El Reg really think its compliant?
Interesting attempt by the Reg, but does it actually think that the bottom 'we're using cookies, we presume you're OK with that' banner makes it compliant?
Re: Bloody annoying
Maybe in the days of Netscape 4/IE 6 'something had to be done' but now every browser under the sun now comes with a reasonable set of cookie controls and if that's not enough there's Do Not Track which appears to be gaining traction and add-ons like ABP/NoScript/RequestPolicy et al...
This is why politicians shouldn't be allowed to legislate in technical matters. Just because they can't find the cookie options in the preferences dialog it doesn't mean that an area with a population of 400 million people + everyone who visits from outside that area should be badgered with fecking annoying pop ups saying 'ooh, we use a feature of HTTP headers that's been in use for about 15 years, are you really okay with that? By the way, if you can find the cookie controls, see you next time!'
And so the next popular add-on for browsers will be a technical solution which will identify the 'are you okay with that?' cookie and preserve it while disabling the rest or letting them get wiped when the browser closes.