The long time coming deadline for enforcement of e-privacy
legislation to include cookies, finally arrives this Saturday
26th May. In summary, the law states that every business
or organisation that operates in the digital world must gain
positive consent from consumers before any tracking technology is
deployed on their web enabled device.
All the indicators suggest that many businesses may miss the UK
deadline and the BBC reports (17th May) that the UK
Government itself will miss the deadline to make necessary changes
for many of its own department websites.
Other EU markets are struggling too. Very recently, Germany for
example, hasn't even put the directive into law yet. Others haven't
had the one year 'grace period' like we've had in the UK, yet
many businesses here are still not compliant a year on. So it's
difficult to judge the risk of being prosecuted in each market
Fortunately, in the UK a lot of industry thinking and a lot more
clarity has evolved in recent weeks. There are now some live
examples of websites which have taken measures to comply with the
updated law. Some are good whilst others are not so great.
From May 26th, businesses in the UK could be subject
to prosecution if they aren't compliant. However, it's clear that
the Information Commissioner's Office is taking a very pragmatic
view about the whole thing and indeed being a 'lean department',
enforcing the cookie law is unlikely to be at the top of their
The official advice is to do a cookie audit, document a plan and
implement a solution. Every business should have completed this
before the deadline. But if you haven't got a solution ready, you
must have made some demonstrable progress, because otherwise you're
at risk, albeit a low risk.
So the message really is to keep calm and cookie on, calm at
least until the next wave of legislation arrives soon in the form
of the draft EU Data Protection Act…
TMW has produced a whitepaper on how to achieve effective
compliance, which can be downloaded here.