Over the past few days you may have noticed signs and buttons on websites informing you of certain company’s cookie policy. This is a result of the revised Privacy and Electronic Communications Regulations which came into force in the UK on 26 May 2011. Now, to comply with an EU directive, businesses and organisations in the UK need to get consent from visitors if they drop a cookie onto a user’s computer.
In internet parlance, a cookie is a scrap of code that websites drop onto your machine to store information about users. They are in commonplace use and extremly useful. For instance, when a website remebers you the next time you visit, that is the work of a cookie. As with all technology though, needless to say, they can be used maliciously too.
When the new regulation came into force, the ICO (Information Commissioner’s Office) offered a one year moratorium to firms to comply. That free pass has now expired and the ICO is writing to organisations asking for proof that they have complied.
eBay and Amazon have been contacted, as have Apple, the BBC, Department for Transport, Google, HSBC, John Lewis, Lloyds TSB, the Met Office, Microsoft, the National Lottery, Network Rail, the NHS, Sainsburys, Scottish Government, Tesco, the Cabinet Office, Virgin Media and Yahoo. The ICO has provided a full list here.
The organisations have been given 28 days to provide proof of compliance or explain how they will move to compliance. The letter from the ICO reads:
“If your organisation has not yet achieved compliance, please provide an explanation about why it has not been possible to comply within time, a clear timescale for when compliance will be achieved, and details of specifically what work is being done to make that happen.”
One Response
What a waste of time/effort! Online ‘privacy’ gone one step too far – completely pointless IMHO