The EU Cookie Law began with the amendment in 2009 of the EU’s Privacy and Electronic Communications (e-Privacy) Directive that stated that website owners can no longer implant cookies on their users’ computers without first getting permission. In short, the EU is trying to require brands to be more open and transparent with their customers’ data.
This directive, in the form of new UK regulations, will shortly come into force on 26th May 2012 and the Information Commissioner’s Office (ICO) has stipulated that all UK websites will require the full consent of the end user in order to continue using cookies.
Although it is unclear yet how heavy handed the ICO will be in enforcing compliance, it is likely that making no attempt to meet the new requirements could result in hefty fines. The ICO is also likely to focus its attention on ‘persistent’ cookies, i.e. those that remain on a user’s computer after a session has ended and remember the user when they return.
It is likely to take a couple of years before accepted best practice becomes clear, however it does seem likely that due to the practical constraints involved, a ‘tick box’ solution to opt-in will prove too tricky for businesses to implement. For the time being businesses should ensure that their privacy policies are updated to deal adequately with the cookie law and are displayed in a prominent enough manner.