Who's afraid of the big bad commissioner? In the cookie space, apparently no one. There is little to be afraid of just yet, hence why so few are bowing before the EU regulation.
Cookie monsters
Yet companies are not happy with the regulation. There is strong opposition facing the laws and the lack of clarity around them. On the latter point, the ICO has issued guidance for businesses, but there are so many 'mights' and 'maybes' in its advice it makes for ultimately unsatisfactory reading. The only real rule UK firms can go by is that users must show, in a "positive" way, that they agree to have cookies installed on their machines.
For website owners, the lack of definitive guidance is just a minor issue. The real beef is with the law itself.
But for website owners, the lack of definitive guidance is just a minor issue. The real beef is with the law itself. It only means more red tape for them to grapple with. For those companies who chuck a large number of cookies on users' systems, they will have to figure out how and where to get consent without ruining the experience on their sites. This takes time and money, something very few have plenty of or are willing to squander.
A Socitm report from earlier this year showed how massive the task facing UK organisations was. In an audit of 603 public sector websites, on average each site had 32 cookies. One had 1,346, just six had none. This would indicate almost all companies online (nearly all businesses then..), according to the law, will need to invest in compliance.
At a time when the UK is staring a second recession straight in the face, the cookie law represents another big bother for companies, one they could sorely do without.
A nightmare before Christmas?
On the one hand, there is little deterrent for companies. They won't be hunted down and they won't even have to make immediate changes to their websites if they're caught out. Furthermore, there is little evidence consumers actually care about cookies or that complaints will be made. The maximum 500,000 fines won't bother the big boys much either.
On the other, cookie laws are simply anathema to businesses and their web plans. Companies will continue to oppose the regulations and some will look elsewhere if they feel compliance is getting too much on these shores. That's more bad news for Britain.
With so many problems facing the EU-driven legislation already, and little apparent citizen support of it, it would come as no surprise if the cookie law crumbled before it even makes a mark on the UK.
-
Kaseya targets IT efficiency with new AI-powered toolsThe cyber security firm unveiled its new Kaseya 365 Ops and Kaseya SIEM offerings at its Connect 2025 event in Las Vegas
-
AWS to give AI skills to 100,000 people in the UK by 2030Cloud giant wants to inspire the next Charles Babbage and Ada Lovelace with an AI-training initiative that pulls government, business, and education together
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
