EU laws requiring websites to obtain ‘informed consent’ from users before employing cookies to store information from a computer or mobile device came into force at the end of May.
According to Gary David Smith, co-founder of Prism Total IT Support as many as 90% of UK website owners are currently ignoring the legislation.
“All UK websites which use cookies in any form need to get consent from the user before the cookies are placed on the user’s PC or the site must be adjusted to redirect to a cookie free version if the user rejects the consent form,” explained Mr Smith – whose company supplies complete IT support to over 1000 SME’s nationwide.
EU laws concerning cookies changed on 26 May 2011 but the Information Commissioner (ICO) gave British website owners one year’s grace to conform to the legislation.
The new legislation distinguishes between four types of cookie: those that are “strictly necessary” for a site to function; those necessary for a site to monitor its own “performance”; those that add “functionality” like remembering a password; and cookies which collect several information about users’ browsing habits.
The International Chamber of Commerce suggest sites should ask browsers to click on four separate icons but sites that do ask for consent to employ cookies usually only employ one pop-up.
“Virtually all commercial websites use cookies in one form or another,” said Gary David Smith. “Google Analytics is probably the most common and is used by about 60% of websites.”
“The legislation does allow for sites to work on “implied consent” if they know visitors have been made aware of revised privacy policies but it’s no good relying on a policy page that is out of date or difficult to find.”
“Even in the case of simply applying Google Analytics to your site you need to let your visitors know that you are doing that,” he said.
The ICO have confirmed that they are receiving many complaints from users of UK sites but that in the first instance they will be working with site owners to improve their cookie policies rather than looking to fine transgressors immediately. The maximum fine for non-compliance is £500,000.
“This legislation gives web users the misapprehension that all cookies are bad. The majority are designed to enhance the visitor’s experience of a site. Inevitably, as web visitors become more familiar with how cookies are used the new legislation will become simpler to comply with,” said Gary David Smith.