On May 26th 2011, a new EU-originated law came into effect that required website owners to make significant changes to their sites and may fundamentally change the whole web browsing and shopping experience for all UK businesses.
The EU Privacy and Electronic Communications Directive was modified in November 2009 to include an effort to regulate online cookies and local browser storage. According to the previous law, websites had to allow people to opt-out of cookies. However, the European Parliament decided that users should be asked to opt in before cookies are placed on their computers. The UK then imported the same wording of the directive into UK law in May 2011, but gave UK websites one year to comply with the law. The deadline for compliance with the law is 26 May 2012.
The Information Commissioner, head of the ICO, the body responsible for enforcing the new law, stated in April that businesses in the UK were in the ‘11th hour’ of the grace period, and made it very clear that those site owners that continue to adopt a ‘wait and see what happens’ policy are running a much higher risk of enforcement than anyone else.
The ICO also promised to take a hard-line approach to enforcement, with a proactive campaign rather than the reactive route the organisation has taken in the past. However, with limited resources, this indicates that the ICO will target high-profile, visitor-heavy sites rather than take a mass scattergun approach.
This doesn’t mean that we should be complacent about compliance; every website owner should make some effort to at least move towards compliance. On May 26th, try to avoid being an easy target – sometimes the powers that be might want to have a sacrificial lamb to show how determined they are – or to meet Government targets.
You never know.
For our own website we have taken the stance that we alert users to the fact that cookies are used and explain how they are used, giving them the option to stay and have cookies on their computer or to leave the site and delete the cookies our site has placed should they so wish. If someone dismisses the message, their consent is deemed implicit.
The Government were far too quick to jump on this directive – the UK is only one of three of the 27 EU member states to sign up to it, and they now have to enforce something that is so vague that it could be more aptly described as the EU Sieve directive – lots of holes that nobody is sure how to plug.
Our earnings from the digital industry are enormous – but will this latest directive drive companies – and their taxable profits – to offshore havens whose privacy concerns are not taken to the extreme?
For example, the affiliate marketing industry — which relies on cookies to show on which sites people have seen brand promotions — could be damaged at a cost of £80 million. The decamping from the UK of the online gambling industry showed what happens when Governments get legislation-happy, and the exodus of businesses to other territories to avoid the cost of compliance with the EU directive could cost the country as much as £2.922 billion in lost revenues.