Most UK Businesses Are Still Ignoring ‘Cookie’ Laws

EU laws requiring websites to obtain ‘informed consent’ from users before employing cookies to store information from a computer or mobile device came into force at the end of May. According to Gary David Smith – the co-founder of Prism – as many as 90% of UK website owners are currently ignoring the legislation.

“All UK websites which use cookies in any form need to get consent from the user before the cookies are placed on the user’s PC or the site must be adjusted to redirect to a cookie free version if the user rejects the consent form,” explained Smith – whose company supplies complete IT support to over 1,000 SMEs nationwide.

EU laws concerning cookies changed on 26 May 2011 but the Information Commissioner (ICO) gave British website owners one year’s grace to conform to the legislation.

The new legislation distinguishes between four types of cookie: those that are ‘strictly necessary’ for a site to function; those necessary for a site to monitor its own ‘performance’; those that add ‘functionality’ like remembering a password; and cookies which collect several information about users’ browsing habits.

The International Chamber of Commerce suggest sites should ask browsers to click on four separate icons but sites that do ask for consent to employ cookies usually only employ one pop-up.

“Virtually all commercial websites use cookies in one form or another,” said Smith. “Google Analytics is probably the most common and is used by about 60% of websites. The legislation does allow for sites to work on ‘implied consent’ if they know visitors have been made aware of revised privacy policies but its no good relying on a policy page that is out of date or difficult to find.

“Even in the case of simply applying Google Analytics to your site you need to let your visitors know that you are doing that” he said.

The ICO have confirmed that they are receiving many complaints from users of UK sites but that in the first instance they will be working with site owners to improve their cookie policies rather then looking to fine transgressors immediately. The maximum fine for non-compliance is £500,000.

“This legislation gives web users the misapprehension that all cookies are bad. The majority are designed to enhance the visitors experience of a site. Inevitably, as web visitors become more familiar with how cookies are used the new legislation will become simpler to comply with,” concluded Smith.

Christian Harris is editor and publisher of BCW. Christian has over 20 years' publishing experience and in that time has contributed to most major IT magazines and Web sites in the UK. He launched BCW in 2009 as he felt there was a need for honest and personal commentary on a wide range of business computing issues. Christian has a BA (Hons) in Publishing from the London College of Communication.