EU laws requiring websites to obtain ‘informed consent’ from users before employing cookies to store information from a computer or mobile device came into force on 26 May.
According to Gary David Smith as many as 90 per cent of UK website owners are currently ignoring the legislation.
EU laws concerning cookies changed on 26 May 2011 but the Information Commissioner (ICO) gave British website owners one year’s grace to conform to the legislation.
The new legislation distinguishes between four types of cookie: those that are ‘strictly necessary’ for a site to function; those necessary for a site to monitor its own ‘performance’; those that add ‘functionality’ like remembering a password; and cookies which collect several information about users’ browsing habits.
The International Chamber of Commerce suggest sites should ask browsers to click on four separate icons but sites that do ask for consent to employ cookies usually only employ one pop-up.
“The legislation does allow for sites to work on ‘implied consent’ if they know visitors have been made aware of revised privacy policies but its no good relying on a policy page that is out of date or difficult to find.”
“Even in the case of simply applying Google Analytics to your site you need to let your visitors know that you are doing that, ” he said.
The ICO have confirmed that they are receiving many complaints from users of UK sites but that in the first instance they will be working with site owners to improve their cookie policies rather then looking to fine transgressors immediately. The maximum fine for non-compliance is £500,000.
“This legislation gives web users the misapprehension that all cookies are bad. The majority are designed to enhance the visitors experience of a site. Inevitably, as web visitors become more familiar with how cookies are used the new legislation will become simpler to comply with,” said Gary David Smith.