Cookie Law REMINDER
The new Privacy and Electronic Communications Regulations (PECR),
announced by the Information Commissioner's Office (ICO) in 2011, will
be enforced in May 2012. In advance of the compliance date,
organisations are expected to take appropriate steps to be compliant,
which include making proactive changes to their websites.
Best practice is to conduct a cookie audit and make changes to your
websites to ensure compliance.
Once you've audited for cookies, decide what you should do with those
you've found. As you may recall, you require informed consent from users
to continue using cookies to collect data about them.
After May 26th if a business is not compliant, or is not visibly working
towards compliance, it will run the risk of enforcement action from the
ICO. Fines are unlikely except for a flagrant breach, but they can be up
to half a million pounds.
If you cannot or do not want to gain consent, you should remove cookies,
especially those that are intrusive. Any cookies that are designed to
track individual visitor behaviour are likely to be considered
intrusive. Early indications suggest that intrusive cookie notices are
leading to visitor volumes falling. If you need cookies to make the
website operate, or where consent can be assumed, the notice you issue
must be specific, as the ICO guidance suggests that assumed consent can
only be construed in very narrow circumstances.
Where third party suppliers' content is included, you need to be certain
of what cookies they use and what for.
The minimum a cookie notice is likely to need is:
- A statement that cookies are being used and their purpose (to enable
  the website to function, primarily).
- A link to a description of each cookie and its use.
- A tick box gaining consent for that cookie - remember to include this
  cookie in the list of cookies used.
- A tick box for whether the cookie can be stored for the session and/or
  more permanently.
The blog I need help with is www.lpauk.com.