Online service-providers are choking on their custard creams as a result of new legislation introducing a number of revisions to the UK’s Privacy and Electronic Communications Regulations.
That’s the way the cookie crumbles...
The revised Regulations, in force from 26 May 2011, make clear that in order to store a cookie on a user’s PC or mobile device marketers must obtain the informed, positive consent of their users. The use of “opt-outs” will no longer suffice.
There are some limited exceptions where use of cookies is strictly necessary to deliver a service a user has requested (e.g. shopping basket technology). However, in the majority of cases the new rules will require a complete rethink, to ensure that the use of cookies is transparent and meaningful consent obtained.
No slam-dunk for browsers
Marketers are offered some crumbs of comfort, in that browser settings can in theory be used to indicate consent. However, the soggy residue at the bottom of the tea-cup is that the Information Commissioner’s Office (ICO) deems current browser setting technology too inflexible to comply with the Directive. The Government is encouraging browser manufacturers to produce enhanced versions that can give consumers the necessary control over their personal privacy. But until such time as such new technological measures are wide-spread this is unlikely to provide a practical solution to the requirements of the Regulations.
Digestive pause
Official guidance for website operators in the months preceding implementation of the Regulations was distinctly halfbaked. In recognition of this, the ICO has announced a 12 month “lead-in” period (ending in May 2012) during which it will take no enforcement action provided that an organisation is taking proactive steps to review its existing use of cookies and to develop a compliance plan 1.
1 You can read the ICO guidance on planning for compliance here.