Fashionista keeps hearing concerns from fashion businesses about the new rules on cookies, due to come into force on 25 May. For those of you who, like Fashionista, are more familiar with the chocolate variety, set out below is a short guide to the new rules:
What are Cookies? Cookies are small files which track users’ movements across the internet. They are of particular importance to online behavioural advertising which uses the information to target adverts at specific users. However, websites use cookies for other reasons such as to store password information or similar data. Many users are completely unaware of cookies’ existence and consequently the amount of information that is gathered about them.
What are the new rules? The new legislation strengthens the existing legal requirements for “clear and comprehensive” information to a requirement to obtain users’ informed opt in consent on the use of cookies on computers and mobile/smart phones. The changes are controversial because many argue the new standard will prove impracticable. When it consulted on the issue at the end of 2010, the UK Government acknowledged that it would be difficult for the legislation to be overly prescriptive about how users’ consent should be obtained. In March the Government announced that is working with browser manufacturers on a technical solution which would use enhanced browser settings to obtain the requisite consent.
So what does this mean for online businesses? With the UK unlikely to have practical guidance in place in time for the May transposition deadline, UK businesses are unlikely to face enforcement action in the short term. Businesses should use this period of limbo to audit the cookies used on their websites and review their existing privacy policies in anticipation of the new rules and guidance.
Image: joannawnuk / FreeDigitalPhotos.net
4 Comments
My understanding is that the UK has until the 25th May to provide for the new rules. It will be interesting to see whether what they ultimately come up with meets the requirements of the amended Article 5(3) of the e-privacy directive in the eyes of the European Commission.
Thanks Alan. You are absolutely right – the new rules are due to kick in on 25th May. Although the UK regulations were due to be published last week, there’s no sign of them, so we just have to watch this space….
Details are now up on the DCMS website
On Friday DCMS published its 87 page response document “Implementing the revised EU Electronic Communications Framework“. In relation to cookies (see pages 71 to 76) most of the info is not new. The Government’s document acknowledges the uncertainty created by the delay in developing “meaningful solutions” but concludes by urging businesses to “abide by the spirit of the revised Directive and develop best practice ahead of full implementation”. Beyond “looking at their own use of cookies”, however, the document does not shed any light on the practical steps this might entail. Until the promised ICO guidance (and, ultimately, recommended technical solutions) are published, all that online businesses can do is:
(i) audit the kinds of cookies currently used on their websites and the purposes for which these are used;
(ii) ensure their privacy policies provide clear, user friendly explanations of the cookies actually used by the site; and
(iii) take the opportunity to review and if necessary update their privacy policies and data collection notices more generally, to ensure they reflect current best practice.