The Information Commissioner's Office (ICO) has assured that, despite the grace period for complying with the new cookie laws ending soon, online firms will be looked on favourably if they can show they have taken some action.
The Privacy and Electronic Communications Regulations were amended in May last year to ensure websites got permission from visitors before downloading cookies onto their devices.
We cannot and do not rule out issuing fines, but it is most unlikely that breaches of the cookie requirements will meet the criteria.
The ICO is responsible for clamping down on firms that breach these requirements and, in serious cases, can issue fines of up to 500,000.
Companies were given a deadline of 26 May 2012, after the rules were first introduced, to overhaul their websites and comply.
However, during a media briefing in central London earlier today, the data protection watchdog said, as long as websites can prove they have started addressing the issue, it will not be taking action against them.
David Smith, deputy commissioner and director of data protection at the ICO, explained: "The moratorium on enforcement action comes to an end, but please don't read that [as] the Information Commissioner's Office is going to launch a torrent of enforcement action.
"What it really just means is that complaints about websites that don't get consent go into the normal processes we would take in assessing whether to use our powers," added Smith.
The ICO is "most unlikely" to impose financial penalties on websites found in breach of the new regulations, he revealed.
"We're not about enforcing the letter of the law for the sake of the letter of the law," he said. "We cannot and do not rule out [issuing fines], but it is most unlikely that breaches of the cookie requirements will meet the criteria we have to satisfy before we can impose a penalty."
-
CIOs and CTOs are making high-stakes decisions with incomplete informationNews Architecture, governance, and investment decisions control how fast organizations can move, what risks they can handle, and which opportunities are viable
-
Nvidia touts its contribution to UK sovereign AI plansNews The latest deal sees Nebius expanding capacity in the UK with three new deployments
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
