95% of UK organisations 'do not comply with EU cookie law'
New regulation comes into effect next month, with financial penalties for non-compliance
By Anh Nguyen | Computerworld UK | Published 14:59, 10 April 12
A survey has found that 95 percent of major UK organisations in the public and private sectors still do not comply with the new EU cookie law.
From 26 May 2012, the EU's Privacy and Communications Directive will require users to give permission for websites to install cookies on their internet browsers.
However, when KPMG analysed the websites of 55 UK organisations, including many within the FTSE 100, it found that most were not in compliance, putting them at risk of receiving fines of up to £500,000. Last August, public sector IT managers' association Socitm said that councils and public bodies would find it a challenge to comply with the new legislation.
KPMG found that only one of the websites analysed specifically gave users the choice to opt-in. Only two sites said they were currently updating their cookies policies to become compliant before the deadline, while two of the sites analysed did not use any cookies at all. The survey was conducted at the end of March.
Stephen Bonner, a partner in the Information Protection and Business Resilience business team at KPMG, said: "With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites.
"Whilst the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive."
He added: "Organisations now need to focus their efforts on establishing an inventory of their websites and the cookies currently in use, before evaluating their purpose and establish a pragmatic plan to ensure compliance."
KPMG recommended that organisations could start by adding consent requests to cookies related to logon, registration and other similar processes.
The Information Commissioner’s Office (ICO) said that it is “vital” that organisations start moving towards becoming compliant, and recommended new guidance published by the International Chamber of Commerce.
“The results of this survey show that many websites still have work to do,” an ICO spokesperson said.
“Last week the ICO welcomed the UK guidance launched by the International Chamber of Commerce. We recognise that this guidance provides organisations with a good starting point from which they can work towards full compliance.
“We are also receiving positive feedback from websites who are already implementing new and innovative approaches aimed at making their websites complaint with the changes. We will be updating our own cookies guidance to ensure that best practice advice is shared across the industry.”
