The law, which will come into force on 26 May 2011, comes from an amendment to the EU’s Privacy and Electronic Communications Directive. It will require UK businesses and organisations running websites in the UK to get informed consent from visitors to their websites in order to store and retrieve information on users’ computers. One common technique of storing information is known as a cookie.
The advice, which follows the publication of UK regulations by the Department for Culture, Media and Sport, will help people to consider what type of cookie or similar technology their website uses and for what purpose, how intrusive their use is, and offers advice on what solution for obtaining consent will suit them.
The ICO has drawn up the advice to help organisations to start to think about the practical steps they will need to take to remain compliant with the new law. It will be supplemented by additional content as innovative ways to acquire users’ consent are developed.
Information Commissioner, Christopher Graham, said:
“The advice we’ve issued today should help businesses and organisations to get on the road to compliance in a way that causes them – as well as UK consumers – minimal disruption.
“The implementation of this new legislation is challenging and involves significant technological considerations. That’s why we’ve already consulted a wide range of stakeholders. But we want to spread the net as wide as we can and would welcome further comments from others who have practical examples to share. This advice is very much a work in progress and doesn’t yet provide all of the answers.
“We’re responsible for regulating the new law and will undoubtedly start to receive complaints about companies who are using cookies without consent. We’d urge all UK businesses and organisations to read our advice and start working out how they will meet the requirements of this new law.”
Advice for consumers on what the new law will mean for them is currently being drafted. This, along with further information about the ICO’s approach to enforcement of the new rules, will be published shortly.
The amendments to the Privacy and Electronic Communications Regulations also grant other new powers to the ICO, including the power to serve monetary penalties of up to £500,000 to organisations that make unwanted marketing phone calls. Further guidance on each of the new powers is currently being drawn up.
1. The advice on the new cookies Regulations is available on the ICO website at: http://www.ico.gov.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf.
2. Information about the other new ICO powers coming into force on 26 May 2011 is available on the ICO website at: http://www.ico.gov.uk/~/media/documents/pressreleases/2011/ico_welcomes_new_powers_news_release_20110420.ashx.