UK's New Cookie Law Is in Effect (But Lots Aren't Complying)

Last year, the European Union passed new online privacy regulations that stated all websites across the EU must obtain users permission before storing cookies. Previous laws relating to online privacy stated that website owners must tell people how they used cookies, and explain how to 'opt out' if users wanted to do so. However, new rules say that cookies can only be placed on machines where the user or subscriber has given their consent. The only exception to the new rule is for 'strictly necessary' cases, such as remembering what a customer added to their shopping cart after they have hit 'proceed to check out.'

In effect as of May 26, 2011 websites in the United Kingdom were given 12 months to comply with the new laws. In case you haven't looked at your calendar in a while, today is May 28, which means any website not complying with the law as of Saturday is now in breach of this law. Interestingly enough, the BBC last week reported that the government itself was expected to miss the May 26 deadline.

"As in the private sector, where it is estimated that very few websites will be compliant by 26 May, so it is true of the government estate," a Cabinet Office spokesman told the BBC last week. "The majority of department websites will not be compliant with the legislation by [May 26]."

The spokesperson said that the government was "working to achieve compliance at the earliest possible date" but offered no indication as to when that might be. Of course, preparing your site for a change like this is no easy feat -- websites have to first do a cookie audit to determine what cookies they're storing, and then put together a solution that informs users of what they're collecting and offers them a way to opt out of cookie collection if they wish to do so. In fact, the Information Commissioner's Office has said it's well aware that it will take time to comply. It seems ICO is happy enough to know that websites are on the path to compliance and is very understanding of those that aren't there quite yet.

"We've actually spoken to lots of organisations who are on the road to compliance," said ICO's Dave Evans. "They've told us about the steps that they've already taken [...] so we're aware lots of organisations will be compliant, either already or in the near future," he continued, later adding that the ICO knows it's not an easy task for website owners to undertake.

"From our point of view we have to recognise that this isn't an easy area for people to comply," Evans said. "I think this isn't a matter of just switching off the internet and starting again, it's not so simple as that. There's lots of work involved. For some of the organisations we spoke to, this cookie audit takes a long time because of the sheer number of cookies that they use. So while we recognise that there are issues around how long this is going to take, what we do expect is that anyone who's not ready by the end of May 2012 can at least demonstrate that they've a), taken some steps already, but b), that they've got a realistic plan that at they end of which they'll be able to say they can achieve compliance."

You can read more about the new cookie law and find additional information on compliance over on the ICO's website.

Follow @JaneMcEntegart on Twitter.           

  • memadmax
    Glad I don't live in the UK....
    Place is turning into a regulatory nightmare....
    (the stuff they are doing to the internet is just the tip of the iceburg)
    Reply
  • jryan388
    I think this will annoy users much more than help them...
    Reply
  • Amen2That
    Even if a website adds the warning for cookies, I wouldn't trust it to be in compliance. I'd be a whole lot easier and safer (not to mention a lot cheaper for site operators) for users to just disable cookies in their web browsers. Besides that, some sites don't even bother with cookies to track you, instead they use a SID that's embedded in every link to track your progress through the site.
    Reply
  • cookoy
    i got a jarful of cookies on my pc, including sites i don't remember ever visiting. Good thing firefox has an option to let you view and selectively remove them. This will take a while. Or i'll just nuke them all.
    Reply
  • contentsmayvary
    What's with all the hard-of-reading folks who seem to think this is a UK-initiated law...

    It's not. Try reading the article again. Duh.
    Reply
  • BWMerlin
    At least they are trying to increase privacy for users unlike the US who seems to be going out of its way to hunt down everyone at the whim of big business and government.
    Reply
  • blibba
    john_4A bunch of Fascists/Socialists is what they are with a camera on every corner.
    Socialists? I wish. If we were even nearly socialists we'd have the best living standards in the world, like Sweden and Denmark.
    Reply
  • cookoyi got a jarful of cookies on my pc, including sites i don't remember ever visiting. Good thing firefox has an option to let you view and selectively remove them. This will take a while. Or i'll just nuke them all.
    No kidding, I run Ghostrey on Firefox - it's blocking 15 tracking cookies on Tom's right now. Just about the only site on the web that has zero is bbc.co.uk, but that's probably because they are socialists. Or maybe facists. Not sure...
    Reply
  • zaznet
    contentsmayvaryWhat's with all the hard-of-reading folks who seem to think this is a UK-initiated law...It's not. Try reading the article again. Duh.
    It's not just the readers. Tom's has the title stating it is a UK law.
    Reply
  • eddieroolz
    I'm confused. On one hand Britain attempts to bolster privacy by requiring this cookie law. But on the other hand they attempt to pass surveillence laws.

    What are they trying to do...
    Reply