The snappily-named Privacy and Electronic Communications Directive became law in England last May, but to the relief of most businesses, the Information Commissioner’s Office allowed a 12 month period of grace to allow website owners time to comply.
That period of grace expires on 25th May 2012. Jonathan Waters, data law expert at Hay & Kilner Solicitors, is warning businesses that there will be fierce penalties for non-compliance now that the new rules are in force.
Jonathan Waters, a commercial partner at Newcastle law firm Hay & Kilner, commented: “Any business that has not yet taken action to comply must do so urgently. The 12-month period of grace means that the penalties for businesses that do not comply will be all the harsher. The Information Commissioner warned last year that ‘those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.’”
It is a file that enables a website to store data relating to users. For example, a cookie will enable the website of an on-line store to record what is in your basket, or to know what scene you have reached if you are watching a television drama on-line.
Cookies do not act as viruses because they cannot perform functions, they can only read. However they can act as a sort of spy in your computer because they can record your browsing patterns and personal information without your knowledge. For this reason anti-virus and security software will normally flag them for deletion.
The owner of any website that operates within the EU must now ensure compliance with the rules. This includes any website that has a secure area where users log in, or one that has a shopping basket facility or runs advertisements from third parties.
Even if your website does none of these things it might be using cookies if it has software such as Google Analytics that collects statistical information about the use of the website or the number of viewings of particular pages on the site.
Jonathan added: “Many smaller businesses have assumed it won’t apply to them if they don’t trade online or have complex websites, but most of them will be running site analytics.