Are you complying with the cookies law? Charlotte Black of specialist law firm TravLaw says businesses need to act now to comply with regulations now in force if they have not done so already
Many of us may think of a cookie as a rather delicious biscuit, but it is also a small file downloaded to a person’s computer when he or she visits a website.
It is these cookies which allow a website to recognise a user’s computer and do things such as save passwords, log in details and user preferences and collect statistical information about the use of the website. Most of us operate websites which download cookies on to users’ computers.
Website owners were given a year’s grace to implement the changes required under the new law – and that grace period just ran out.
Yet on the eve of this happening it was anticipated that more than 80% of the industry was not yet prepared for the new rules. These require that cookies only be downloaded on to a computer where the user or subscriber has given their express consent.
The regulation states that cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment is: (a) provided with clear and comprehensive information about the purposes of the storage of, or access to, that information. AND (b) has given his or her consent.
One of the main challenges is to obtain this consent without affecting the user’s experience of your website.Critics of the rules envisage internet bookers being bombarded with consent pop-up boxes, with a potential impact on sales.
The new law also poses particular difficulties for websites which allow third parties to download cookies on to a user’s computer or device. This is a challenging area for websites which display content from third parties, for example through online advertising.
Businesses are now expected to have made the necessary changes to comply. The fine for non-compliance could be up to £500,000, although penalties will start much lower than this at up to £5,000 per breach in a Magistrates Court.
The changes have been described by the industry as vague and poorly drafted. However, the new law is here to stay, and the Information Commissioner’s Office (ICO) has warned that from May 26 this year there will be enforcement.
There is a real lack of guidance on this issue. The letter of the law appears to have been broken in this example, but whether this would be considered a breach boils down to how the law is interpreted.
Unless the ICO provides guidance, only time will tell how the it chooses to enforce this rule.
At TravLaw we suggest the following:
2. Monitor the ICO website, and follow its guidance. Consider what your peers in the industry are doing in respect of the Cookies Directive? You don’t want to be the only one non-compliant.
4. Speak to your website technology provider. Can they build into your website opt-in cookie boxes which are clear and simple for the user and don’t affect use of your website?
5. Don’t bury your head in the sand. If you require further information contact either Charlotte or Farina at Travlaw.
Charlotte Black is head of the employment department at TravLaw
This is a community-moderated forum.
All post are the individual views of the respective commenter and are not the expressed views of Travel Weekly.
By posting your comments you agree to accept our Terms & Conditions.