The EU cookie consent law comes into force online

The new EU legislation, the cookie consent law, has come into force. This is the new legislation whereby websites must ask users for their consent over cookies. The consent will be divided into different categories. The London Office of the International Chamber of Commerce has brought in a code of conduct to help businesses comply with the legislation.

British websites have already had a year to get used to the new rules and from now if they breach them they could be fined up to half a million pounds. There will now be four different categories of cookies and the ICC is suggesting that they will be identified by four icons.

The Information Commissioner or ICO has said that ‘implied consent’ can be taken by websites as long as it is understood by users what terms they have agreed to. For instance a website’s terms and conditions and privacy policy should be clear and easily found and not hidden away or hard to understand.

If sensitive information is being collected, such as personal details of any kind then more explicit consent should be given by the user. It is recognized, however that some cookies are an absolute necessity for a website to function properly. Functional cookies such as for remembering passwords or monitoring a website’s performance.

Then there are ‘targetting cookies’ which, for example, collect information about a person’s browsing habits. These will fall into a different category. The guide suggests that websites should make clear, in easy to understand language, exactly what they are asking for. It does allow for the fact that some cookies will fall into multiple categories. The guide has been welcomed by the Information Commissioner’s office.

It has stated that the ICO have always been of the mind that websites have to be clear in what they are asking and give users enough information so that they can make an informed decision as to whether they want cookies put on their device. The ICC has said that it hopes the new guide will help organisations comply with the new EU regulations without too much disruption to practices in use at the moment.

Sites will only be investigated by the ICO if complaints are made. This is because it is believed that even after a year’s grace, some sites, both private and governmental, are still not ready to comply with the new law. The ICO will give some grace but sites that have made no or little effort to get ready for the law change and are still not complying with it can expect to be investigated.

However, even then, if an organisation is found guilty it is unlikely to be fined the full £500,000 at first. A lot of websites, especially where user trust is essential, will have to make sure that they are much more open about their use of cookies. Also users need to be educated more about the use of cookies so that they realise that most cookies are actually for their benefit as well.