The Information Commissioner’s Office has received complaints about websites dropping cookies less that a fortnight after new rules were introduced. The ICO will now write to the websites concerned to issue a warning.
An EU directive became law in the UK on 26 May and states that websites can only drop cookies – small text files left by websites on a user’s computer – if a person has given prior consent.
Before the new rules came into force users had to be given the option to opt out of receiving cookies and similar files which are used to gather data, but now users must opt in unless a website deems that it is “strictly necessary” to drop a cookie.
The ICO has the power to fine websites, including news sites, up to £500,000 for non-compliance. Speaking at the ABC Interaction conference yesterday Katherine Vander from the ICO said financial penalties would only by levied on “persistent offenders”.
New rules were introduced last month but websites were given a year to demonstrate how they plan comply with the new rules.
Internet users have already complained to the ICO, an independent public body based in Cheshire whose role it is to enforce the data protection act and the freedom of information act, which receives 30,000 complaints a year about data protection.
The UK is said to be leading the way in being early to adopt the EU cookie directive but there has been much backlash by the online industry against the new rules as cookies gather valuable audience data.
The ICO has received negative comments about how it has handled publicity around the new rules. “We’ve been criticised for not being more prescriptive. But we’re not best-placed to tell you,” Vander said.
“We fully recognise the challenges of implementing these requirements.
“You can be very clever how you get consent,” she told the conference, which included news organisations, suggesting the industry should seek to find ways to ask users to opt in to receive cookies. “It doesn’t have to involve ticking a box but it has to involve someone taking a positive action in some way,” she said.
Zuzanna Gierlinska from Microsoft Media Network, which handles display advertising, proposed the industry encourages transparency in the collection of consumers’ data.
“We operate in a Wild West environment when it comes to data. It’s bought and sold and it’s mostly misunderstood by the user.
“Lack of transparency breeds mistrust and threatens the online industry.”
Zuzanna Gierlinska suggests self-regulation of the advertising industry though companies adopting the so-called Online Behavioural Advertising Framework, adding an icon to sit beside advertising to tell the consumer if data is being collected.
Referring to the fact that the government is working with browser manufacturers to develop in-browser solutions, Ashley Friedlein, CEO and founder of Econsultancy, who also spoke at the event, said: “Personally, I’ve always felt doing this at a browser level is the only sensible solution.”
He added: “I can’t see what is currently being asked is practical so I think everyone is going to ignore it until something bad happens.”
Pingback: Malcolm Coles: Four sites already implementing cookie law | Journalism.co.uk Editors' Blog