With only about three months to go before the Information Commissioners’ Office (ICO) start enforcing the cookies regulations which came in last year, website owners might be looking to the larger organisations to give a lead on how to comply. But it would not be helpful to follow Google and Internet Explorer at present.
Reports in IT industry media this week indicate that the ICO are “making enquiries with Google” about the way they use cookies and whether it complies with English law. This follows on from revelations that Google have been sending cookies to users after circumventing users’ settings in the Apple Safari browser. Google says it is removing its advertising cookies and anyway they do not collect personal information.
Microsoft also blogged that Google had been able to send third party cookies to Internet Explorer even if users had opted not to receive them. This led to a war of words with Google around IE’s so-called P3P system (Platform for Privacy Preferences) with Google saying that P3P is impractical for modern web technology and claiming that Microsoft are well aware of the difficulties. (P3P dates back to 2002).
Google users will have seen statements appearing on their Google page about new privacy policies being introduced shortly. Google announced yesterday (23rd February 2012) that it is going to allow a “do-not- track” button to be embedded in its Web browser, letting users restrict the amount of data that can be collected about them which they stated would prevent an individual’s browsing history from being used to tailor ads. So it’s game on and it remains to be seen how this will develop and how the other browser providers will react.
Whilst it might be some consolation to website owners in smaller businesses that even international corporations are not yet ready, it won’t be an excuse come 26 May 2012 when the twelve month preparation period allowed by the ICO comes to an end. The EU Commissioner responsible for the EU directive which led to the new cookies regulation, Neelie Kroes, continues to make it quite clear that she “would not hesitate to employ all available means to ensure our citizens’ right to privacy”. When the regulation was first brought in it was hoped that new browser technology might provide a solution, but at this stage Ms Kroes now recognises that to be more of an “aspiration than a reality”.
What all this means is that website owners need to make their own preparations ahead of 26 May 2012, so that when the ICO start using their enforcement powers they can show that they have actively been taking steps to comply. That will mean each website owner assessing their own site individually and deciding what steps they need to take. The ICO’s updated guidance issued in December 2011 is more comprehensive than their original version and is a more useful starting point – if you haven’t yet started! Some previous blogs on this topic are also listed below.
Sue Mann
Tel: 0845 003 5639
Commercial Solicitor, Birmingham
Previous blogs on this topic which you may wish to look at are:
New rules on the use of cookies
Time to comply with the new rules on the use of cookies
Website owners are warned by Information Commissioner about lack of progress in compliance
New guidance from the ICO about the cookies regulations
Can you rely on exceptions to the cookie regulations?
What you need to do to comply with the cookies regulations
This blog is not intended to constitute legal advice, nor is it intended to be a complete and authoritative statement of the law, and what we say might be out of date by the time you read it. You should always seek legal advice to confirm whether or how any information in this article applies to your particular situation. We offer a free telephone consultation to discuss your particular circumstances.