Direct Marketing Commission - Enforcing Higher Industry Standards

Data & Marketing Commission | Enforcing Higher Industry Standards

New EU law on cookies

23rd March, 2011 at 11:36am

The EU’s new Privacy and Electronic Communications Directive law came into force on 26 May 2011.  It  requires websites to gain consent from computer users before using tracking technologies (or cookies).   A cookie is a small file of letters and numbers downloaded on to a device when the user accesses certain websites.  Cookies allow a website to recognise a user’s machine.

Cookies might be used, for example, to remember your preferences on a website, to record what you have put in your shopping basket before you check out, to count the number of people looking at a website or to look at how users navigate the site. The Regulations also apply to similar technologies for storing information. This could include, for example, Locally Stored Objects (commonly referred to as “Flash Cookies”).

The ICO will use the information it gets from consumer complaints to obtain business intelligence about how well organisations are moving towards compliance with the regulations. Website owners have up to 12 months to comply with the new cookies legislation.  Any enforcement action will be in line with the existing ICO enforcement strategy, which means that action will be focused on areas where there is harm or risk to individual’s privacy.  The ICO is therefore likely to be more concerned about the intrusive use of personal information collected through the use of a cookie as opposed to the actual use of a cookie.