May 31, 2011
The European Privacy and Communications Directive came into force on the 26th May. Businesses are now obliged to obtain explicit consent from users of their websites to the installation of cookies on users’ computers. However, the Information Commissioner’s Office is giving businesses one year to ensure that they comply with the new law, before they will take action against those infringing it. Compliance will involve both securing users’ consent to the use of cookies and also providing them with comprehensive information about how the information collected by the cookies will be used and stored. The Office has published guidelines on measures that can be taken to ensure compliance with the law. These include assessing which cookies are essential to the business and removing any that are not necessary, using pop up consent tick boxes and/or asking users to agree to terms and conditions containing the necessary consent. The Government is also working with browser manufacturers to make it possible in future for businesses to be able to rely on users’ browser settings as indicating their consent to certain types of cookies. However, it is up to individual businesses as to how they adapt these suggestions to suit their businesses. Further advice can be obtained from a commercial solicitor.