UK firms should show awareness of EU cookie law to avoid a fine, says expert

UK organisations that are not yet compliant with the EU cookie law should show some awareness of the new legislation to avoid hefty fines, according to Kim Walker, partner at law firm Thomas Eggar.

The law is enforceable in the UK from 26 May and is part of the EU Directive on Privacy and Electronic Communications.

It means that websites will need to obtain users' opt-in consent before installing cookies that pass on information about browsing activities to third parties.

Walker advised businesses to carry out an audit of the cookies their websites serve.

"We're suggesting that businesses should put something on their website to show that they are carrying out an audit. This would enable them to check what cookies are actually being used, if there are any that are not needed and can be discarded, and to understand why they are being used in the first place," she explained.

She said that the next consideration for firms is to be cautious about implementing any changes as the regulations will not necessarily affect all organisations. The law is aimed at tackling organisations that use cookies to bombard users with adverts, which is not all businesses.

"If a business wants to use the cookies for their own analytics purposes and these fall within the spirit of the regulations then it may be worth taking a commercial view and waiting to see what others do before committing resources to update their website.

"This is because the regulations are clearly aimed at that relatively small number of businesses that are maliciously exploiting the use of cookies," she added.

Walker said that as the Information Commissioner's Office (ICO) has limited resources it would only concentrate on the businesses that are exploiting the use of cookies.

[Turn to next page]

UK firms should show awareness of EU cookie law to avoid a fine, says expert

As a result, she urged other firms to complete an audit to reduce their chances of a fine as it shows that at the very least, they are aware of the legislation.

Last month, a survey by consultancy firm KPMG found that 95 per cent of the UK organisations it polled did not comply with the law, and Walker believes this is could still be true.

"There are relatively few local authorities and brand owners that are compliant, particularly in the retail sector. The exceptions [those who do comply] include the ICO, which has a pop-up on the homepage that is obtrusive and visitors will see it straight away," she said.

The Cabinet Office issued a statement today saying that government websites are working to achieve compliance "at the earliest possible date".

"We understand that the expectation from the ICO is that organisations in both the public and private sector need to demonstrate that they are moving towards compliance," the statement reads.

Walker said that firms should look at the ICO's website for further guidelines and emphasised that organisations could be penalised for not being compliant with the law.

"There is a penalty or fine, or a form of notice to ensure that the organisation complies within a certain timeframe," she said.