Jump to page content
 

New Opt-Out Rules on Cookies - Grace Period Ends

NickCA year ago the Government introduced new rules on the use of cookies. The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, which implemented an EU Privacy Directive, became law on 26th May 2011. However the Information Commissioner, who is responsible for enforcing the Regulations, announced a one-year grace period during which no enforcement action would be taken so as to allow businesses an opportunity to make the changes required by the Regulations. That grace period ends on 26th May 2012.

Cookies are small text files implanted by a website on the hard disks of visitors to the site (often without visitors being aware of this). They are used to collect information on the visitors to a website. Whilst it may not be possible to identify a living individual solely from the information transmitted by a cookie, it may be possible to do so by reference to that information in combination with other information held by the recipient or by a third party. Until now, it has been enough to warn visitors to a website that it used cookies and to give them a right to "opt-out" if they objected. Many sites did this by including the relevant information in their privacy policies.

Under the new rules, visitors to a website must positively opt-in to receiving cookies. There is only one exception to this rule. A visitor's consent will not be required for an activity that is "strictly necessary" for a service requested by the visitor. An example might be needed for a cookie used to ensure that when a visitor has selected goods they want to buy and clicks the "add to basket" or "proceed to checkout" button, the site "remembers" what was selected on a previous page.

The new rules give the Information Commissioner enhanced enforcement powers, including the power to impose serve a monetary penalty of up to £500,000 on businesses that seriously breach the rules if:
. the contravention was of a kind likely to cause substantial damage or substantial distress, and
. (in broad terms) the contravention was deliberate or the business knew or ought to have known that there was a risk that a contravention would occur and failed to take reasonable steps to prevent it.

It seems that the new rules may pose something of a challenge to businesses. It remains to be seen how that challenge will be met. At the moment, there seems to be few signs that businesses are getting to grips with the requirements of the new Regulations. Any business that decides to bury its head in the sand needs to appreciate that by doing so, it is running the risk of having to pay a fairly hefty fine.

To find out more, please contact Nick Crook or Tina Middleton.

Filed: 20/05/2012 18:30:36

Heald Logo


Heald Solicitors
Ashton House, 471 Silbury Boulevard, Central Milton Keynes, Buckinghamshire, MK9 2AH (Registered Office)
Tel: 01908-662277 | Fax: 01908 675667 | Legal & Privacy

Authorised and regulated by the Solicitors Regulation Authority Number 559621
Heald Solicitors is a trading name of Heald Solicitors LLP Registered No: OC363895