Companies face potential fines up to ₤500,000 if their websites do not comply with the latest privacy and ‘cookie laws’.

The change in the law (the Privacy & Electronic Communications Regulations) took effect on 26 May 2011 with a grace period of 12 months for website owners to get sorted. We are now very much in the 11th hour and the Government through the Information Commissioner’s Office (ICO) has made it clear that they will not just stand by and tolerate non-compliance.

So what’s it all about?

The Regulations relate to the use of cookies and similar technologies. A cookie is a small file that is generated from a website and then stored on the website user’s computer, smart phone or tablet. The website can then recognize the user’s device which is handy for the likes of online shopping, eg the site remembers what you put in your shopping basket. However, other cookies can be more intrusive compiling personal details. The new law has been introduced to increase protection for the web user.

The ICO would appear to be taking this law very seriously and the opinion is that it will be policed with some vigor and penalties will be handed out to website owners who have failed to comply with the Regulations.

What do website owners need to do?

Websites will have to change – matter of fact. If you haven’t done so already then you need to alter you site for compliance. The key aspect to the Regulations is that consent is required from the user before you can put a cookie on their device. The question then is how to do that without spoiling the website visitor’s experience, causing unnecessary admin work for you and losing visitors, sales and interest.

You must first contact your web developer and establish what cookies if any your site uses. You then need to know what these cookies are being used for. This information should be compiled and set out in your ‘Website Legals’ section of your site. Alongside this you must give your user the opportunity to consent to the use of those cookies.

The law is not clear on the consent aspect, although the ICO has been better than other EU countries in its assistance. Some sites have gone for ‘opt-in boxes’ where the visitor cannot move through the site until consent box is ticked. Some sites have just added a scroll bar saying that the site will operate better with the use of cookies with an ‘Accept’ button. However, a revised set of Website Terms of Use, Privacy Policy and new clear Cookie section should be the way forward for most sites. The ICO says that the more privacy intrusive the cookie is then the more you will have to do to get meaningful consent.

Being seen to be making serious efforts to comply will be a good starting point. Businesses have been slow on this subject of cookie compliance but I suspect that the ICO will not be as slow in prosecuting those choosing not to comply.