From later this month, UK-based organisations running websites in the UK will have to get 'informed consent' from visitors to their websites before storing and retrieve information on users’ computers. Using cookies technology is a common method of storing this information.
The requirement is due to an amendment to the EU’s Privacy and Electronic Communications Directive, and firms face fines of up to £500,000 if they break the EU law.
The ICO’s guide encourages organisations to check what type of cookies, and similar technologies, they use, assess how intrusive the technology is, and decide how best to obtain consent.
Information Commissioner Christopher Graham, said: “We’ve already consulted a wide range of stakeholders, but we want to spread the net as wide as we can and would welcome further comments from others who have practical examples to share. This advice is very much work in progress and doesn’t yet provide all of the answers.
“We’re responsible for regulating the new law and will undoubtedly start to receive complaints about companies who are using cookies without consent. We’d urge all UK businesses and organisations to read our advice and start working out how they will meet the requirements of this new law.”
The amendments to the regulation come into effect on 26 May 2011, which prompted Andreas Edler, managing director at web hoster Hostway UK, to express a frustration that will be shared by many UK businesses.
“The legislation has good intentions in aiming to help protect peoples’ online privacy, but the ICO and Government really should have taken a more proactive approach towards its implementation," he said. "This has been in discussion amongst EU members, including the UK since September last year, so why only now is the ICO starting to treat it as a matter of priority?
“Clearly, most businesses and organisations won’t be able to make the changes by the 26 May deadline. Why implement a law when you have only just started to tell people what they can do to abide by it?”
The amendments to the regulation come into effect on 26 May 2011. In addition to the cookies law, they grant the ICO a number of new powers, including allowing the information watchdog to serve monetary penalties of up to £500,000 to organisations that make unwanted marketing phone calls.
The ICO already has the power to fine firms up to £500,000 for serious personal data breaches.