ICO ticks websites off over cookie compliance

Cookies on a laptop

UK firms' compliance with the latest laws on the collection and use of web cookies leaves a lot to be desired, the Information Commissioner's Office (ICO) has warned.

The revised Privacy and Electronic Communications Regulations came into force on 26 May this year, but businesses are allowed a certain period of grace to get up to speed. However, even with that grace period, many aren't acting or are doing so wrongly.

Many people running websites will still be thinking that implementing the law is an impossible task. But they now need to get to work.

To remedy the situation and ensure website owners are fully following the relevant rules and regulations, the ICO has issues guidelines as to what to do, although it has stopped short of being too prescriptive.

"Our mid-term report can be summed up by the schoolteacher's favourite clichs 'could do better' and 'must try harder.' Many people running websites will still be thinking that implementing the law is an impossible task. But they now need to get to work. Over the last few months we've been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is if they can do it, why can't you?" said Information Commissioner Christopher Graham.

"Some people seem to want us to issue prescriptive check lists detailing exactly what they need to do to comply. But this would only get in the way and would be too restrictive for many businesses and organisations. Those actually running websites are far better placed to know what will work for them and their customers."

ICO guidance is available on a number of topics, from adding clarity as to what constitutes consent, which cookies might be exempt from the new rules and third-party cookie management. Full details can be found on the ICO website (PDF download).

"The guidance we've issued today builds on the advice we've already set out, and now includes specific practical examples of what compliance might look like," Graham added.

"We're half way through the lead-in to formal enforcement of the rules. But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there."

Maggie Holland

Maggie has been a journalist since 1999, starting her career as an editorial assistant on then-weekly magazine Computing, before working her way up to senior reporter level. In 2006, just weeks before ITPro was launched, Maggie joined Dennis Publishing as a reporter. Having worked her way up to editor of ITPro, she was appointed group editor of CloudPro and ITPro in April 2012. She became the editorial director and took responsibility for ChannelPro, in 2016.

Her areas of particular interest, aside from cloud, include management and C-level issues, the business value of technology, green and environmental issues and careers to name but a few.