A new law that requires consumers to consent to cookies being put on their computers came into effect today (26 May 2011).
The change reflects an amendment to the EU's Privacy and Electronic Communications Directive. Until now, businesses were required to tell people how cookies were used and give them a chance to "opt out" if they objected.
Now, though, not only are businesses obliged to tell people, but they also need to get their consent. The only exception is when putting a cookie on someone's computer is "strictly necessary" for a service requested by that person.
Consumers should therefore be expecting to be asked permission from today. And businesses need to start thinking about how they are going to ask it.
Given the short lead-in time to these new Regulations coming into effect (3 weeks) and the general low level of awareness, the Information Commissioner is proposing that businesses start to think about the practical steps they need to take to comply with the new law. The ICO has produced a helpful guidance note.
Sensibly, immediate and complete compliance is seen as unrealistic, but businesses should be able to show they are looking at the issue and working towards compliance and they are clearly expected to come up with new innovative ways of doing it. Meanwhile, the ICO has a nice simple box on its home page showing us the way.
Comments