Most UK organisations not compliant with EU cookie law

Non-compliance can lead to fines of up to £500,000

The large majority of UK organisations are not compliant with a new EU cookie law, according to consultancy firm KPMG.

KPMG said that 95 per cent of the UK organisations it surveyed did not comply with the law, which is enforceable in the UK from 26 May.

The law, part of the EU Directive on Privacy and Electronic Communications, means that websites will need to obtain users' opt-in consent before installing cookies that pass on information about browsing activities to third parties.

Stephen Bonner, a partner in the information protection and business resilience team at KPMG, urged organisations to address the issue urgently, or risk fines of up to £500,000.

"With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites. Time is running out for them, so they need to act to avoid severe financial penalties," he said.

Bonner said that many organisations do not realise the steps they need to take to become compliant.

"While the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies - and some also state how the cookies are being used - this is not enough to ensure compliance with the directive.

"Organisations need to focus their efforts on establishing an inventory of their websites and the cookies currently in use, before evaluating their purpose and then establishing a pragmatic plan to ensure compliance," he said.

The analysis covered 55 major UK organisations across the private and public sectors and was conducted at the end of March 2012.