Original URL: https://www.theregister.com/2003/08/11/eu_regulations_to_control_web/

EU regulations to control web cookies

But will e-businesses follow the rules?

By John Leyden

Posted in Legal, 11th August 2003 15:33 GMT

European laws due to come into force by the end of October will shake up the way businesses are allowed to use cookies on their Web sites.

The UK government has just finished its consultation period but already questions are being raised over the extent to which companies will comply with the new rules.

Under the privacy-related regulations companies will be obliged to tell surfers about the use of cookies and how they can delete or control them.

Shelagh Gaskill, a partner with international law firm Masons, explains: "The new law requires that a Web site operator clearly indicates to visitors that the site uses cookies or other tracking technologies and gives users the opportunity to reject them."

Cookies are small text files used by most commercial web sites. The files are sent from a web server to a web site user's computer and are stored on the user's hard drive, so that when the user visits the site again, the site will remember the user.

The DTI recently completed a public consultation on its draft Privacy and Electronic Communications (EC Directive) Regulations 2003. The Regulations, which are chiefly about spam but also cover the use of cookies, are to implement a European Directive in the UK before 31 October 2003.

Results of the consultation are expected later this month.

Cyberspace laws - more honoured in the breach

But patchy compliance with existing e-commerce laws, highlighted by a survey published last week, raises serious concerns about whether UK businesses will adhere to forthcoming regulations.

Most UK e-commerce sites do not comply with at least one basic legal requirement, according to a survey by on-line legal documents provider Clickdocs.

The company found that 95 per cent of the sites it looked at fail to provide a 'reasonable' level of customer service, 63 per cent breached distance selling rules and 72 per cent fail data protection requirements.

Clickdocs investigated a random selection of web sites from 20 different market segments, all selling on-line to UK consumers.

A site's ability to offer secure on-line methods of payment is crucial for its potential customers. While 93 per cent of sites surveyed are secure, the remainder are not, raising serious concerns about the possible risk of credit card fraud with those sites.

The researchers state that 63 per cent of sites are failing to comply with the Distance Selling Regulations. In most cases this means customers not being told how long it will take for items to be delivered, not being given details of how to cancel an order or sites charging unreasonable penalties for returns.

It is a mandatory requirement of any business that collects personal data about customers to be compliant with the Data Protection Act. This extends to e-commerce sites. But while 68 per cent of sites claim to be compliant, only 18 per cent are actually registered, say the researchers.

Several sites were found to be simply copying and pasting standard text from other sources. In at least two cases, registration numbers are quoted that do not exist. Consumers who use sites not fulfilling Data Protection requirements are at risk from unauthorised sharing of personal details.

The Data Protection Act also requires that customers be informed of what happens to any data collected. Only 51 per cent of sites were found to have any privacy statement.

And another thing

The Clickdocs research also highlighted that even the simplest identification requirements are lacking: 55 per cent of companies fail provide the name of the limited company or of the proprietor; 16 per cent give nothing but a Web site name; 12 per cent neglect to include a fixed line telephone number and ten per cent omit a dedicated e-mail address or rely on a response form for all communication.

Clickdocs also claims that 41 per cent of sites have "unsatisfactory" terms and conditions.

Jon Aslin, Director of Clickdocs, said: "Web site design and programming has improved enormously in the last few years. Our research highlights just how much effort has gone into ensuring sites look good and are easy to navigate (92 per cent are regarded as satisfactory in their overall appearance and ease of use).

"It is therefore surprising, and indeed disappointing, that the small amount of time and investment that is required to address the basic commercial and legal basics has not been spent to make UK e-commerce sites a positive experience for customers." ®

Related Links

The Government's consultation paper on the new law can be found here (PDF file)
Advice to businesses on dealing with cookies, by Masons

Related Stories

Web Bugs - Here Are the Rules
Privacy: US, full marks, Europe, null points - study
EU preps phase two of war on spam
UK.gov seeks input on anti-spam law
Spammers break law with covert tracking
Undetectable 'son of cookie' system wins grant
Spam out, cookies tolerated, data retention remains: EU