The Information Commissioner’s Office (ICO) has confirmed that some of the 75 companies that it sent a warning letter to regarding the new cookies legislation have not replied within the imposed 28-day response period.
The government was forced to revise the Privacy and Electronic Communications Regulations, which came into force in the UK on 26 May last year, to address a new EU directive that demands that businesses and organisations running websites in the UK get consent from visitors to their websites in order to store cookies on users’ computers.
Facebook, John Lewis, Everything Everywhere and the Cabinet Office were among the organisations contacted by the ICO after a 12-month moratorium period ended, which was intended to allow companies to get their house in order to comply with the new regulation.
The ICO letter read: “Our expectation is that you will now be able to demonstrate the action your organisation has taken to comply with the revised rules for cookies.
“If your organisation has not yet achieved compliance, please provide an explanation about why it has not been possible to comply within time, a clear timescale for when compliance will be achieved, and details of specifically what work is being done to make that happen.”
The companies were given 28 days to provide this information to the Information Commissioner, who highlighted in the letter that the ICO has a “range of options available” to it to take formal action where companies cannot prove that they are working towards compliance within reasonable timeframes. These options include undertakings, committing organisations to a particular course of action to enforcement notices and possible fines of up to £500,000.
A spokesperson for the ICO has confirmed to Computerworld UK that not all of the companies contacted have responded to the request. However, the ICO would not reveal exactly how many companies had failed to stick to the four-week response time.
“Last month the ICO wrote out to 75 organisations, including key stakeholders, popular websites and a number of important national and regional organisations and agencies regarding the cookies changes. The letter formed part of a targeted approach by the ICO to understand compliance across a sample of organisations from different sectors,” said the spokesperson.
He added: “We are now receiving replies and will look at the information they have provided to understand how organisations have worked to comply with the changes. A number for organisations have also issued holding responses with a view to providing more detailed feedback shortly.”
“We are currently waiting for all of the final responses to be received, before providing any further update.”
Computerworld UK went through the websites of the 75 companies on the ICO’s list and found at least 56 that were yet to implement changes to comply with the latest EU cookie directive.